Regulatory compliance is a brand-building opportunity
Managing personal data’s a growing challenge for organisations worldwide. They’re holding more and more information about the people they work with. And the regulations controlling how they do that are becoming ever more sophisticated and complex.
Our all-in-one solution makes achieving the right level of personal data protection for your organisation a much simpler, more efficient task.
- Safeguard your organisation’s brand and reputation
- Make sure you’re not ordered to stop processing personal data
- Avoid substantial fines and other related costs
- Win new business and strengthen existing customer relationships
And it makes it easy to show you’re following all the relevant regulations.
- Be ready for questionnaires or audits from potential or current customers
- Achieve globally-recognised standards like ISO 27701 or BS 10012
- Show your senior managers you’re on top of your organisation’s personal data
If you’re going for ISO 27701, you’ll also need ISO 27001. If you don’t already have it, we can help you achieve first-time ISO 27001 compliance or certification too.
“There is no doubt that ISMS.online was the one thing that ensured we attained full GDPR compliance in an organised and timely fashion. In fact, we have benefitted so much from it that we are looking to press on and use ISMS.online for the attainment of ISO 27001 during 2019.”
Andrew Rowley – Director TTG
What you’re protecting (and why it has different names)
Your organisation needs to protect the personal data it holds or manages. Personal data is any information that relates to an identified or identifiable individual. It can cover anything from a name and address, to a record of purchases made, to confidential medical records.
Personal data protection regulations and methods are developing fast. One effect of that is that there are many different ways of describing the data you’re protecting. For example:
- The UK Information Commissioner’s Office (ICO) calls it “personal data”
- The British Standards Institution (BSI) calls it “personal information”
- The International Standards Organisation (ISO) calls it “privacy information”
To keep things simple, we usually call it personal data. We sometimes use the terms personal information or privacy information when we’re quoting the BSI or ISO or referring to their particular standards.
Talking about the management system that will protect your personal data is easier.
- The ICO doesn’t have a specific name for it
- The BSI calls it a Personal Information Management System
- The ISO calls it a Privacy Information Management System
Both of those specific terms shorten to PIMS, so that’s what we call it.
How we’ll help you protect your personal data
We can accelerate you to one of three levels of personal data protection. From complying with local regulations to integrating your new PIMS with your existing information security management system (ISMS), we can help.
Make sure you’re covering the privacy basics
Work through the ICO’s data protection assurance checklist
Helps you achieve:
- A firm foundation for your privacy work and a clear steer on what to do next
Comprehensively protect your personal data
Create a stand-alone PIMS for your organisation
Helps you achieve:
- BS 10012 alignment or certification
- Increased structure, assurance and visibility for your compliance work with GDPR, UK Data Protection Act and any other related regulations
Combine personal data and infosec protection
Extend your ISMS with a PIMS or create both together
Helps you achieve:
- ISO 27701 and (if you don’t already have it) ISO 27001 alignment or certification
- Increased structure, assurance and visibility for your compliance work with any global data protection regulation
Our all-in-one-place platform and expert support teams give you:
- All the help you need to get it right first time
- Pre-loaded frameworks and tools that simplify every step of the process
- A transparent system that makes showing how well protected you are easy
You just add:
- Your own knowledge of your business
- A surprisingly small amount of time and effort
“Our staff immediately took to the ISMS.online platform and it has really expedited our route to achieving ISO 27001 and GDPR. The Policy Pack feature makes it easy to track who has read company policies, giving us an instant audit trail documenting compliance – a big tick in the box when it comes to our audit for ISO 27001!”
Sandra Lewy – Director, Business Operations and Research Coordinator at IACCM
Cover the basics with the ICO checklist
Want to understand how well your organisation’s protecting its personal data and see how it can improve? The ICO Checklist is an excellent starting point.
It’s designed to help private, public and third sector SMEs see how GDPR-compliant they are. It’s freely available on the ICO website, but the ICO doesn’t give much practical support with it. We’ll show you how to work through it, understand it and start acting on it.
Completing the ICO checklist is a first step towards effective personal data protection. It’ll help you assess your existing measures and plan your journey to GDPR compliance.
Build compliance and trust with a stand-alone PIMS
Need to take a recognised, structured approach to complying with GDPR or GDPR-inspired regulations? Creating a stand-alone PIMS based on BS 10012 is the way to go.
The BS 10012 standard draws on GDPR and the UK Data Protection Act. Many other global regulations are based on GDPR. So achieving BS 10012 alignment or certification will make complying with GDPR, or any of the regulations inspired by it, much easier.
Achieving a globally-recognised personal data protection standard also builds customer and stakeholder trust. They’ll see just how carefully you look after their information.
Create across-the-board security with a PIMS and an ISMS
Do you have to comply with many different data protection or privacy laws? Are you building on an ISO 27001-compliant or certified ISMS? We recommend an ISO 27701-based PIMS.
ISO 27701 is regulation-independent, so it’s easy to flex it to meet the needs of multiple jurisdictions. You can only achieve it alongside ISO 27001, so it’s also an excellent choice if you’re looking to complement your ISMS or want to achieve full-spectrum security.
And of course it’s a great way of strengthening customer and stakeholder trust and relationships. They’ll know just how seriously you take every aspect of their digital security.
What you’ll get
Help meeting regulations and achieving globally recognised standards
A clear path to complying with global privacy regulations
A simple, all-in-one-place platform that helps you bring together everything you need to show you’re complying with the relevant privacy regulations.
Frameworks for BS 10012 and ISO 27701
Our platform comes pre-loaded with frameworks that’ll structure your privacy compliance project and help guide you to its successful completion.
Live support from our team of privacy and platform specialists
Our privacy specialists will help you with any confidence, capability, capacity and discipline challenges. And our support team will make sure you get the most out of our platform.
A suite of unique privacy management tools
Record all your data processing activities
We make data mapping a simple task. It’s easy to record and review it all, adding your organisation’s details to our pre-configured dynamic Records of Processing Activity tool.
A secure space for Subject Access Requests
You’ll need to show how well you manage Subject Access Requests. Our secure SAR space keeps it all in one place, supporting it with automated reporting and insight.
Powerful risk assessment and management tools
We’ve created a built-in risk bank and a range of other practical tools that’ll help with every part of the risk assessment and management process.
Simple privacy assessment templates
It’s easy to set up and run different kinds of privacy assessment, from data protection impact assessments to regulatory or compliance readiness ones.
Effective, responsive breach management
You’ll be ready when the worst happens. We make it easy to plan and communicate your breach workflow, and document and learn from each and every incident.
Plus a range of other specially-created tools…
Our tried-and-tested people and progress management tools
Highly efficient project oversight and collaboration
Our workspace makes collaboration easy and simplifies progress monitoring, with a simple approval process and automated reviews built in as standard.
Optional supply chain management tools
We can help you show that you’re in control of your supply chain, covering everything from contracts and contacts to relationship and performance management and monitoring.
Help and support engaging your people
Your staff need to be right at the heart of your GDPR solution. Our optional comms and engagement tools can help you bring them on board and keep them compliant.