BS 10012:2017 + A1:2018 Lead auditor (Personal Information Management System) Training Course

Through management system audit and certification, an organization can demonstrate its ability to comply with legal requirements (e.g. EU GDPR, DPA, intellectual property rights), standards (e.g. ISO, IEC, IEEE), contractual obligations (e.g. trade secrets, IP), and its own policies and procedures.

It can also demonstrate its competence to plan, operate and continually improve the management system so that it controls the identified risks and achieves its intended outcomes.


Successful completion of the Personal Information Management System (PIMS) Lead Auditor Training Course is a prerequisite for becoming a PIMS auditor.

To participate in this training course, the following prior knowledge is expected:

  1. Knowledge of management system compliance (ISO 19600)
    • Process approach (Plan-Do-Check-Act)
    • Organization-wide compliance risk management (ISO 31000), covering legal and legislative requirements, contractual obligations, standards, policies and procedures
    • Top management leadership, and the other roles and responsibilities that support the management system
    • Planning a management system: identifying the organizational and technical measures that address the identified risks
    • Support required by the management system
    • Operating the management system: monitoring, reporting and communicating
    • Performance evaluation of a management system: evaluation of objectives, internal audits and management review
    • Continual improvement of the effectiveness of a management system
  2. Knowledge of personal information management principles and concepts, including but not limited to:
    • lawfulness, fairness and transparency
    • purpose limitation
    • data minimization
    • accuracy
    • storage limitation
    • integrity and confidentiality
  3. Management system audit (ISO 19011)
    • Audit programme management
    • Initiating the audit
    • Preparing for the audit
    • Document review
    • Preparing for the on-site audit
    • Audit skills
    • Conducting the on-site audit
    • Preparing audit evidence and findings
    • Audit report
    • Audit follow-up
  4. BS 10012: knowledge of the requirements of BS 10012 and of the commonly used personal information management terms and definitions
  5. Understanding of management system certification requirements, i.e. ISO/IEC 17021-1, Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements

Note: course examination questions may relate to any requirement of BS 10012 and to any of the expected prior knowledge. Delegates who do not have this knowledge are recommended to attend our foundation training course first.

Who should attend?

This course is intended for those who will lead audits of a PIMS against the latest edition of BS 10012 in any organization.

Suggested job functions and their teams include:

  • Data protection officers (DPOs) and their representatives
  • Information security managers
  • IT and corporate security managers
  • Corporate governance managers
  • Risk and compliance managers
  • Information security consultants

Learning objectives

  • Learn how to explain the purpose and business benefits of a PIMS, of PIMS standards, of management system audit and of third-party certification
  • Learn how to explain the role of an auditor in planning, conducting, reporting and following up a PIMS audit in accordance with ISO 19011 (and ISO/IEC 17021 where appropriate)
  • Learn how to plan, conduct, report and follow up an audit of a PIMS to establish conformity (or otherwise) with BS 10012 in accordance with ISO 19011 (and ISO/IEC 17021 where appropriate)

Course benefits

  • Your organization will have an internal resource and process to conduct its own audits of its PIMS and to assess and improve conformance with BS 10012
  • You will gain a professional qualification certifying that you have the knowledge and skills to lead a team conducting an audit of a PIMS in any organization
  • Successful auditing improves the protection of an organization's personal data, meeting market assurance and corporate governance needs
  • You will understand how to identify gaps in a PIMS
  • Accurate auditing drives continual improvement of a management system
  • You will meet the training requirements for auditor certification

Course outline

Day 1, management system knowledge (BS 10012)

  • The benefits of PIMS
  • Process approach, Plan-Do-Check-Act (PDCA) and PIMS
  • PIMS terms and definitions 
  • The PIMS processes and what they mean for the PIMS auditor
  • Documented information for PIMS

Day 2, guidelines for auditing management systems (ISO 19011 and ISO/IEC 17021)

  • Purpose of audit
  • PIMS internal audit, supplier audit and certification audit requirements
  • Audit processes
  • Auditor responsibilities 

Day 3, simulation of audit planning and preparation

  • Planning an audit
  • Preparation of audit working documents, including a checklist
  • Conduct a Stage 1 audit (document review)
  • Prepare a Stage 2 (on-site) audit plan

Day 4, simulation of the opening meeting and on-site audit activities, with role-play

  • Opening meeting 
  • Roleplay for audit scenarios 
  • Practice audit skills of collecting audit evidence
  • Prepare audit findings, including conformity, nonconformity (NC) and opportunity for improvement (OFI)
  • Prepare audit report 

Day 5, simulation of closing the on-site audit: closing meeting and follow-up

  • Closing meeting 
  • Audit follow-up
  • Management system certification 
  • Course examination 

What's included?

  • Course material
  • Course examination 
  • Course certificate

Organizational information

Please contact us for more information or support 

Last modified: Tuesday, 8 November 2022, 6:36 AM