Thamer James Blog
Governance, Risk & ComplianceISO27701 2019 Versus BS10012
ISO27701 2019 extension to ISO27001 – Privacy Information Management has just been published. This robust addition addresses the management of personally identifiable information in a way that ISO27001 2013 did not. It is fair to say that 27001 made reference to the...
Senior Managers & Certification Regime (SM&CR) – a Basic Guide
Introduction The SM&CR will apply to all firms across the financial services sector from December 2019 in some shape or form and will replace the existing Approved Persons Regime. This means that you need to start preparing and...
BS10012 & ISO27552
The difference explained? The draft publication of ISO27552 – Privacy Information Management is available to purchase. This makes an interesting read and is a must for any data protection advocate seeking to enhance privacy controls. But what exactly is it and how...
BS10012 Data Protection
Why Consider it? Many organisations were busily working to meet the deadline of the GDPR May 25th, 2018. Data maps to address Article 30 were created in large volumes etc along with associated forms and templates. The topic of data protection is not is visible as it...
BS10012 – Creating the PIMS Policy
As with all management Standards BS10012 require the most senior member of the management team to create a PIMS (Personal Information Management Policy). This should be relevant to the organisation and consider its scope and context. Corporate data protection...
BS10012 – Leadership & DPA
Article five of the DPA 2018 requires accountability for the six principles laid out in detail. The organisation must demonstrate its own arrangements thus accountability as to how it has complied with the DPA 2018. A standard purchase & implementation of on-line...