Revision of BS 10012:2017 + A1:2018 – Data Protection – Specification for a Personal Information Management System (PIMS)

Source: BSI
Committee: IST/33/5 - Identity Management and Privacy Technologies
Categories: Information management | Standardization. General rules
Scope

This British Standard specifies requirements for a personal information management system (PIMS), which provides a framework for maintaining and improving compliance with data protection requirements and good practice.

This British Standard is for use by organizations of any size and sector. It is intended to be used by those responsible for planning, establishing, implementing and maintaining a PIMS within an organization. It is intended to provide a common ground for the responsible management of personal information, for providing confidence in its management, and for enabling an effective assessment of compliance with data protection requirements and good practice by both internal and external assessors.

Purpose

The revision is necessary to:

  • Maintain alignment with evolving UK and international data protection frameworks.
  • Support organisations in implementing data protection principles such as accountability, transparency, and data minimisation.
  • Provide a practical, risk-based approach to managing personal information that complements existing information security frameworks.
  • Reflect current best practice and lessons learned since the publication of BS 10012:2017 and Amendment 1:2018.
  • Ensure continued usability and scalability for organisations of all types and sizes, with particular consideration for SMEs.

The Relevant TC/SC:
The developing committee is IST/33/5 – Identity Management and Privacy Technologies, operating under the direction of IST/33 – Information Security, Cybersecurity and Privacy Protection.
IST/33/5 is responsible for UK input into ISO/IEC JTC 1/SC 27/WG 5, which covers international standards for identity management, privacy frameworks, and privacy-enhancing technologies. The committee oversees the preparation, publication, review, and revision of relevant British Standards related to privacy and personal information management.

Comment on proposal

Please email further comments to: debbie.stead@bsigroup.com
