GRC International Group plc and all its companies, including the IT Governance one-stop shops, now have a PIMS (personal information management system) certified to BS 10012. We’ve long recommended to clients that the best way to build a privacy compliance framework that ensures you are able to demonstrate GDPR compliance is to combine ISO 27001 and BS 10012 with a solid accountability framework, and we’re pleased to have now done that ourselves.
Importantly, achieving BS 10012 certification wasn’t that difficult – not only because we were able to deploy our own consultants on the project, but also because we’d already done so much to ensure that we were GDPR compliant that implementing BS 10012 was as simple as identifying the small number of requirements that we hadn’t yet met and putting appropriate processes or actions in place – and that was the job done.
One of the key reasons for building a privacy compliance framework is the recognition that most organisations – however good their controls – are sooner or later going to suffer a breach; what matters is the resilience of the organisation and the speed with which it can deal with and respond to any breach. We’ve certainly had one or two opportunities to put our breach readiness planning to the test over the last three months!