PIMS Personal Information Consulting and Guidance
Our consulting team offers PIMS personal information consulting and guidance to help enterprises get certified to ISO 29100 and protect the critical personal information of customers and related parties by improving management processes.
PIMS governance guidance services are required by competent authorities, laws and regulations, and are desired by enterprises that actively seek solutions to control employee and customer information. These services can be used to introduce a personal information protection management system through business processes and activities. By determining the flow of personal information and effectively implementing risk management for personal information processes including collection, processing, and utilization, areas that need controls inside and outside the organization can be identified.
ISSDU's PIMS services are carried out by our information security management consulting service team. Each of our consultants has more than eight years of consulting experience. The consulting team provides guidance on getting certified to the latest versions of BS 10012 and ISO 29100 for government agencies, telecommunication companies, educational institutions, and medical institutions. In accordance with the Personal Data Protection Act, the team conducts compliance audits and situation interviews, allowing organizations to be compliant with standard and regulatory requirements during guidance.
Enhance Personal Information Protection Management Systems to Comply with the Personal Data Protection Act and GDPR
PIMS Consulting and Guidance's Service Advantages and Benefits
Experienced Consulting Team
With rich experience in information security, all ISSDU information security consultants have provided guidance on management system certification for different organizations, and are able to offer solutions that fit the needs of customers.
Customized Guidance Planning
Flexible adjustments can be made according to the type and needs of the customer organization. Our consultants provide guidance on making minimal changes through integration in accordance with different laws, regulations, and standard requirements.
Preventive Control of Personal Information Protection
We adopt a process-based approach to quickly get familiar with the flow of personal information within the organization; through effective preventive security controls, we ensure that personal information is protected and managed properly to comply with laws and regulations and to protect reputation.
Compliance Guidance
Our consulting team provides management guidelines to assist enterprises in introducing a sound management system to comply with regulatory and standard requirements, e.g., the Personal Data Protection Act, EU GDPR, BS 10012, ISO 29100, and ISO 27701.
PIMS Personal Information Consulting and Guidance Flow
01 Plan
02 Do
03 Check
04 Act
- Situation Diagnosis and Gap Analysis
Analyze the gap with international standards based on your organization's existing personal information protection system, business operation characteristics, or document/form testing and bridge the gap through guidance.
- Establishment of Personal Information Management System Documentation
Customize four-level PIMS documentation for your organization, including personal information protection policies, management procedures, work instructions, documents/forms and records, by conducting interviews and understanding the business operation characteristics of your organization.
- Risk Assessment and Management
Identify threats to and vulnerabilities in personal information assets, determine potential threats and their likelihood of occurrence, and produce risk assessment reports to effectively manage and reduce risks.
- System Implementation Guidance and Internal Auditing
Implement an overall personal information system based on the four-level documentation, including the identification of personal information processes, continuous operations in case of personal information leakage, data subjects’ exercise of rights, training, and the execution records of relevant activities, review the implementation of the system through internal audits, and check the results.
- External Auditing and Certification
Cooperate with third-party certification bodies in performing Personal Information Management System (PIMS) and Personal Information Privacy Management audits and obtain BS 10012/ISO 29100 or ISO 27701 management system certification.
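PIMS Personal Information Consulting and Guidance FAQ
Currently BSI, SGS, TUV, AFNOR (艾法諾), Bell (貝爾)..., etc.
Our consultants can assist with the assessment according to customer needs, using on-site interviews and on-site assessments to understand the scope of system implementation. Basically, any unit whose business processes touch personal data falls within the scope. For example, in a work dispatch process, the units involved include customer service, engineering, and sales.
This can be arranged according to customer needs.
Management system certificates such as BS 10012/ISO 29100 or ISO 27701 are valid for three years and must be reviewed regularly every year.
The processes for personal information activities within the certification scope must include collection, processing, and utilization before certification can be carried out.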
ISSDU Provides You with Services that Fit Your Industry and Needs
We offer customized information security testing services