PIMS Personal Information Consulting and Guidance

Our consulting team offers PIMS personal information consulting and guidance to help enterprises get certified to ISO 29100 and protect the critical personal information of customers and related parties by improving management processes.

PIMS governance guidance services are required by competent authorities, laws and regulations, and are desired by enterprises that actively seek solutions to control employee and customer information. These services can be used to introduce a personal information protection management system through business processes and activities. By determining the flow of personal information and effectively implementing risk management for personal information processes including collection, processing, and utilization, areas that need controls inside and outside the organization can be identified.

ISSDU's PIMS services are carried out by our information security management consulting service team. Each of our consultants has more than eight years of consulting experience. The consulting team provides guidance on getting certified to the latest versions of BS 10012 and ISO 29100 for government agencies, telecommunication companies, educational institutions, and medical institutions. In accordance with the Personal Data Protection Act, the team conducts compliance audits and situation interviews, allowing organizations to be compliant with standard and regulatory requirements during guidance.

Enhance Personal Information Protection Management Systems to Comply with the Personal Data Protection Act and GDPR

Service Advantages and Benefits of PIMS Consulting and Guidance

Experienced Consulting Team

With rich experience in information security, all ISSDU information security consultants have provided guidance on management system certification for different organizations and are able to offer solutions that fit the needs of customers.

Customized Guidance Planning

Flexible adjustments can be made according to the type and needs of the customer organization. Our consultants provide guidance on making minimal changes through integration in accordance with different laws, regulations, and standard requirements.

Preventive Control of Personal Information Protection

We adopt a process-based approach to quickly get familiar with the flow of personal information within the organization; through effective preventive security controls, we ensure that personal information is protected and managed properly to comply with laws and regulations and to protect reputation.

Compliance Guidance

Our consulting team provides management guidelines to assist enterprises in introducing a sound management system that complies with regulatory and standard requirements, e.g., the Personal Data Protection Act, the EU GDPR, BS 10012, ISO 29100, and ISO 27701.

PIMS Personal Information Consulting and Guidance Flow

01 Plan

02 Do

03 Check

04 Act

  • Situation Diagnosis and Gap Analysis
    Analyze the gap between your organization's existing personal information protection system, business operation characteristics, or document/form review and the international standards, and bridge that gap through guidance.
  • Establishment of Personal Information Management System Documentation
    Customize four-level PIMS documentation for your organization, including personal information protection policies, management procedures, work instructions, documents/forms and records, by conducting interviews and understanding the business operation characteristics of your organization.
  • Risk Assessment and Management
    Identify threats to and vulnerabilities in personal information assets, determine potential threats and their likelihood of occurrence, and produce risk assessment reports to effectively manage and reduce risks.
  • System Implementation Guidance and Internal Auditing
    Implement an overall personal information management system based on the four-level documentation, including the identification of personal information processes, continuity of operations in case of personal information leakage, data subjects' exercise of rights, training, and the execution records of relevant activities; then review the implementation of the system through internal audits and check the results.
  • External Auditing and Certification
    Cooperate with third-party certification bodies in performing Personal Information Management System (PIMS) and Personal Information Privacy Management audits and obtain BS 10012 / ISO 29100 or ISO 27701 management system certification.

PIMS Personal Information Consulting and Guidance FAQ

How long does it usually take to complete the introduction of a PIMS personal information protection management system?
It depends on the organization's needs: the scope, the number of units involved in personal data flows, and the headcount all make a difference; it generally takes 7 to 8 months.

Currently BSI, SGS, TUV, AFNOR (艾法諾), Bureau Veritas (貝爾)... and others.

Our consultants can assist with the assessment according to customer needs; the scope of system introduction can be determined through on-site interviews and assessments. In principle, every unit that handles personal data in a personal data business process is within scope, for example a work dispatch process, which involves customer service, engineering, sales, and other units.

This can be arranged according to customer needs.

BS 10012 / ISO 29100 or ISO 27701 management system certificates are valid for three years, with a surveillance audit required every year.

The personal data activity processes within the certification scope must cover collection, processing, and utilization before the certification audit can be carried out.

ISSDU Provides You with Services that Fit Your Industry and Needs

We offer customized information security testing services.