Achieving and maintaining ISO 27001 and BS 10012 certifications

In the biotechnology industry, advancements in digital technologies such as AI and big data are revolutionizing the industrial landscape. This data, often of a sensitive nature, brings forth significant privacy concerns. Meeting regulatory requirements like GDPR and ISO 2700, safeguarding against cyber threats, and seamlessly integrating legacy systems are vital challenges faced by the sector.

To navigate this complex landscape, a proactive approach to data privacy is essential. This involves continual training for employees, integrating privacy considerations into system architectures, thorough risk evaluations, and establishing transparent data protocols. By prioritizing data privacy, companies in the biotechnology industry can uphold legal compliance, safeguard their reputation, and cultivate trust in an age of rapid technological evolution.

In this interview, Dr. Fu Wei, Director of Quality Management Department at BGI Genomics talks to AZoMedical about achieving and maintaining ISO 27001 and BS 10012 certifications.

Image Credit: TenPixels/Shutterstock.com

What types of certifications do the BSI and GDPR provide for personal data security and compliance?

Regarding personal data security and compliance, BSI provides certification of BS 10012 (Personal Information Management System), which fully meets the regulations and requirements of GDPR.

Image Credit: A9 STUDIO/Shutterstock.com

Can you elaborate on BGI Genomics’s specific process for achieving and maintaining ISO 27001 and BS 10012 certifications?

BGI Genomics establishes and operates the management system in accordance with the requirements of ISO 27001 and BS 10012 standards. BGI Genomics then submits an application for certification to the certification organizations. The auditor team will conduct an on-site inspection, including document review, site visit, management person interview, etc., to ensure that BGI Genomics’s management system meets the requirements and standards of ISO 27001 and BS 10012 accordingly. In the end, BGI Genomics is granted accreditation certifications.

Additionally, how frequently does the relevant regulatory certification organization review these certificates?

Certificate organizations review the certificates once a year.

How many companies have obtained these certifications? What standards and criteria do most companies struggle to meet?

Fourteen companies have obtained ISO 27001 certifications under BGI Group, BGI Genomics’ parent company, and four companies have obtained BS 10012 certifications. Risk assessment is the most difficult part of information security and privacy management systems. It requires a good understanding of the standards and the ability to practice them.

Image Credit: Wright Studio/Shutterstock.com

How does BGI Genomics ensure compliance with international quality management standards? How do the relevant certification organizations help BGI Genomics navigate the complexities of obtaining and maintaining accreditation?

BGI Genomics strictly follows the standards to set up and maintain management systems of information security and privacy. The certification organizations review BGI Genomics’s management systems on-site annually to ensure they work and continue to meet the standards and criteria. 

Could you provide insight on any recent updates to ISO 27001, BS 10012, or GDPR regulations? How has BGI Genomics adjusted its practices to align with these changes?

The recent updates are ISOIE 27001:2022, BS10012:2017, and General Data Protection Regulations. BGI Genomics reviews and updates its practices to align with the changes by annual internal audit and management review.

Could you provide examples of how BGI Genomics integrates quality management and privacy security into its daily operations to build trust with customers and partners?

BGI Genomics aligns the quality management system privacy security standards to its regular practices, for example, patient consent agreement forms, setting up the storage time of test process records and electronic data, setting up the data breaching process, etc.

Image Credit: Wright Studio/Shutterstock.com

How did BGI Genomics perform in the recent inspection, and what could it do to enhance the operation?

The most recent inspection of BS 10012 was in October 2023, and the last inspection of ISO 27001 was in May 2023.

The improvement plan for 2024 is as follows:

• Update the information security management system according to ISO /IEC 27001:2022
• Update Privacy policy and cookie policy
• Update backup requirements for offline electronic records
• Optimized permission management for shared disks

Where can readers find more information?

About Dr. Fu Wei

Dr. Fu Wei serves as the Director of the Quality Management Department at BGI Genomics. In 2018, Dr. Fu was recognized as a person of outstanding quality in Shenzhen by Shenzhen Association for Quality . He helped BGI Genomics HK laboratory to became the first genetic laboratory in China to achieve CAP accreditation. Additionally, Dr. Fu helped the BGI Europe laboratory in Denmark achieve ISO 15189 and ISO 27001 certification.

About BGI Genomics

BGI Genomics is the world’s leading integrated solutions provider of scientific technology services and precision medicine, to research institutions, enterprises, medical facilities, and public health organizations.

Relying on cutting-edge sequencing and bioinformatics technology, our mission is to drive technological advancement, mitigate birth defects, combat tumors, and safeguard against serious illnesses through our commitment to advancing precision medicine.