Demonstrate Effective Data Privacy Through Implementing A Personal Information Management System
Join our complimentary webinar to find out about the benefits of a personal information management system and how to effectively demonstrate compliance to both privacy and information security requirements of GDPR.
20 Mar 2019, 09:30
20 Mar 2019, 10:30
BS 10012:2017 specification for a personal information management system (PIMS) was revised in 2017 specifically to address the EU GDPR requirements. It provides a framework regarding the collection, processing and disposal of records containing personal data.
ISO/IEC 27001:2013 can be applied to any organisation to create a framework for an Information Security Management System which helps to ensure the confidentiality, integrity and availability of information. As well as identifying risks, threats and vulnerabilities are identified, prioritised and cost effectively managed.
By achieving certification to BS 10012 and ISO/IEC 27001 combined, compliance can be demonstrated to both the privacy and information security requirements of GDPR.
This webinar covers the requirements of a BS 10012:2017 PIMS, and the process of gaining certification. It also discusses the benefits of combining PIMS certification with accredited ISO/IEC 27001, and the transition to ISO certification.
The following topics will be discussed:
- Overview of BS 10012:2017
- Review of key requirements in BS 10012:2017
- Clause 4 – Context of the organisation
- Clause 5 – Leadership
- Clause 6 – Planning
- Clause 7 – Support
- Clause 8 – Operation
- Clause 9 – Performance evaluation
- Clause 10 – Improvement
- How SGS can assist organizations with the PIMS certification process
- Key benefits of combining PIMS & ISO/IEC 27001:2013 certification
- Key changes: BS 10012:2017 & the transition to ISO certification
Richard Skipsey, Global Product Manager – ISO/IEC 27001, ISO 22301 & ISO 20000
Richard has 20 years information security experience. These include roles in risk management and internal audit within financial services & telecoms. This included working for one of the first ISP’s to achieve BS 7799 (now ISO/IEC 27001). Richard has also worked in external audit across a wide range of sectors, including as a Qualified Security Assessor, assessing credit card security in compliance to the PCI DSS.
Richard joined SGS in August 2012 as an ISMS auditor and UK Product Manager. Richard’s role within SGS now focuses on global responsibility for ISO/IEC 27001, ISO 22301, & ISO 20000. This role includes coordinating the accreditation and training programme for revisions of existing standards & development of new standards.
Ray Woodford, UK Product Manager – ISO/IEC 27001, ISO 22301 & ISO 20000
Ray has over 40 years’ experience in IT with non-auditing skills including project management, bid management, due diligence, service delivery management, ISMS & quality systems implementation, information security consultancy, incident management, business continuity and risk management. He has 13 years ISO/IEC 27001 auditing experience and is a qualified lead auditor for ISO 22301 and ISO 9001. Ray has been working for SGS for 6 years, and is currently UK Product Manager for ISO/IEC 27001, ISO 22301 and ISO 20000.
This webinar would be of interest to Data Protection Officers, Compliance Managers & ISMS Managers at organizations handling large quantities of personally identifiable information. Examples include public sector (local government & healthcare sector), law firms, hospitality, financial services, trade unions, media organizations, travel agencies, gyms/leisure sector, call centres.
For information, please contact:
SGS United kingdom Ltd
t: +44 (0)1276 697715