BS10012.
Out-of-the-Box compliance. Within your reach.

Who says lack of budget or access to expertise should stop you from getting BS10012 compliant? And remaining compliant?

Arrka empowers you at each stage

Whether you are just thinking of BS 10012 certification or are already certified

Thinking about it?

You need to get compliant and certified. Yet you worry about finding the budgets and experts. Worry not — The Arrka platform equips you. Get going on your own. Quickly & easily.

Documentation done?

Policies & documents completed. Controls are being rolled out. The Arrka platform helps automate & streamline — so your evidence is ready for your audit.

Already Certified?

Yayy! Now to ensure you remain compliant. The Arrka platform equips you for that. Throughout the certification lifecycle.

BS10012 compliance simplified and streamlined.

Simplified & Quick Assessments

Hassle-free Gap Assessments & Privacy Testing. Across Teams & Geos.

Centralised Controls Management

Easily implement & manage all controls. Preconfigured workflows for process controls. Import logs & reports from 3P tech controls.

Handy Built-in Tools

Personal Data Inventory, DPIA, DPdD, Vendor Privacy Management, Contracts Management and many others to help your Privacy program.

KPIs, Metrics & Dashboards

Leverage preset KPIs or configure your own to track & measure your compliance on a continual basis. Generate Alerts & Reports as required.

FAQs on BS10012 compliance
What is BS 10012?
  • BS 10012 is a leading International Standard for Data Privacy. It is a British standard that sets out the requirements for implementing a Privacy Program and aligns with the principles of the European General Data Protection Regulation (EU GDPR). It outlines the core requirements organizations need to consider when collecting, storing, processing, retaining, or disposing of Personal Data. It helps organizations design and implement policies and procedures as part of their Privacy Program.
  • BS 10012 provides a framework to help organizations maintain and improve compliance with data protection legislation and provide assurance to their stakeholders.
Why do organizations implement and get certified for BS 10012?
  • BS 10012 is easily integrated with other popular management system standards like ISO. Implementing BS 10012 helps organizations identify and manage Data Privacy risks, supports regulatory compliance with Privacy regulations, inspires customer trust, protects reputation, and helps benchmark against recognized best practice.
  • An organization gets certified for BS 10012 after an audit by accredited certifying bodies. When a trusted external body provides this ‘stamp of approval’, it provides assurance to the outside world that the organization has indeed implemented Data Privacy in a comprehensive structured manner as per the BS 10012 standard.
  • Many external stakeholders like customers, regulators, business associations etc. require organizations to get certified as a pre-requisite to doing business. Even without such mandates, several organizations get certified for BS 10012 to build and convey trust to their ecosystem.
Is BS 10012 only for large enterprises?
  • Not at all! You can be of any size to get certified for BS 10012. BS 10012 can help organizations of any size in the public and private sectors to initiate, implement and maintain a Privacy Program.
What is the process for BS 10012 certification?
  • You need to first design and implement the BS 10012 standard in your organization. Once you complete the implementation and build sufficient evidence to prove that you have the standard running smoothly, you call an accredited agency to certify you. The agency will conduct an audit to assure itself that you have indeed implemented the standard, after which it awards you the certification.
How long is the BS 10012 certificate valid for? What is the certification lifecycle?
  • A certificate is valid for three years. Organizations are expected to not just stay compliant but to improve their Privacy related processes in these three years.
Does BS 10012 need to be deployed and/or certified across my entire organization or can it be done in ‘parts’?
  • Although you can deploy BS 10012 in only certain ‘parts’ of the organization which are exposed to Privacy Laws, there are many Privacy related processes which make more sense when deployed at an organization level. You can restrict the certification to only certain parts of the organization, depending on business priorities and budgetary constraints.
If we avail of Arrka’s BS 10012 solution, what happens to the security and Data Privacy products and other activities that we already have in place?
  • We DO NOT ‘replace’ anything that you have already deployed. We merely build on it and add the ‘missing’ pieces. Our endeavor is to leverage whatever has been already done so you can move towards your goal faster.
We have no one in our organization who understands BS 10012 in depth, nor does anyone have the time to spend on this. How does Arrka help?
  • We at Arrka have done all the hard work on your behalf – so you don’t need to spend time understanding what BS 10012 is all about. All of this is baked into the platform.
  • Further, for actual deployment, we have a team of consultants who will handhold you through the whole process to get you going. And if you need help for day-to-day management of your Data Privacy program, then the Arrka team can take that on as well. In short, we work as your virtual DPO (Data Protection Officer).
Everyone else we have spoken to for our BS 10012 requirement is a consulting services firm. So, what is the big deal about the Arrka platform that makes it so different from the others?
  • The Arrka platform has all the necessary ‘intelligence’ built into it for BS 10012. This means that you can do the entire deployment of the standard on your own or with our customer assistance team. In other words, there is no dependence on people and their individual competencies. Secondly, with everything automated on the platform, it takes up to 70% less time to implement. And you have all the information you need at your fingertips at any given point in time, with no laborious Excel sheets and email threads to scan through. Thirdly, with the day-to-day management and operations fully configured on the platform, you have everything in one place to manage your entire BS 10012 program. This includes managing client contracts, vendors, auditors, etc. So it helps not only during the initial certification but also through the entire lifecycle.
If we use the Arrka solution, will our Personal Data reside on the Arrka platform?
  • Not at all! Your data continues to remain exactly where it is. The Arrka platform only helps you manage the compliance end-to-end, for which we do not need access to the actual data at any point in time.
If we use the Arrka solution, will we need to deploy anything on our servers?
  • Nothing is required to be installed or deployed on your servers.
If we need to reach out and talk to a Privacy expert at any point in time, can Arrka help with that?
  • Yes, Arrka has a pool of Privacy Experts who can step in to help you with any queries you have or any assistance you may need.

Have additional laws and standards to comply with?

We understand that your business is probably spread across multiple countries – so you may need to comply with more than one law or standard at the same time. Worry not; we can easily do that without missing a beat.