Achieving and maintaining ISO/IEC 27001 and BS 10012 certifications

insights from industryDr. Fu WeiDirector of Quality ManagementBGI Genomics

In the biotechnology industry, advancements in digital technologies such as AI and big data are revolutionizing the industrial landscape. This data, often of a sensitive nature, brings forth significant privacy concerns. Meeting certifications like GDPR and ISO/IEC 27001, safeguarding against cyber threats, and seamlessly integrating legacy systems are vital challenges faced by the sector.

To navigate this complex landscape, a proactive approach to data privacy is essential. This involves continual training for employees, integrating privacy considerations into system architectures, thorough risk evaluations, and establishing transparent data protocols. By prioritizing data privacy, companies in the biotechnology industry can uphold legal compliance, safeguard their reputation, and cultivate trust in an age of rapid technological evolution.

In this interview, Dr. Fu Wei, Director of Quality Management Department at BGI Genomics talks to AZoMedical about achieving and maintaining ISO/IEC 27001 and BS 10012 certifications.

Image Credit: TenPixels/

What types of certifications do the BSI and GDPR provide for personal data security and compliance?

Regarding personal data security and compliance, BSI provides certification of BS 10012 (Personal Information Management System), which fully meets the regulations and requirements of GDPR.

Image Credit: A9 STUDIO/

Can you elaborate on BGI Genomics's specific process for achieving and maintaining ISO/IEC 27001 and BS 10012 certifications?

BGI Genomics establishes and operates the management system in accordance with the requirements of ISO/IEC 27001 and BS 10012 standards. BGI Genomics then submits an application for certification to the certification organizations. The auditor team will conduct an on-site inspection, including document review, site visit, management person interview, etc., to ensure that BGI Genomics's management system meets the requirements and standards of ISO/IEC 27001 and BS 10012 accordingly. In the end, BGI Genomics is granted accreditation certifications.

Additionally, how frequently does the relevant regulatory certification organization review these certificates?

Certificate organizations review the certificates once a year.

How many companies have obtained these certifications? What standards and criteria do most companies struggle to meet?

Fourteen companies have obtained ISO/IEC 27001 certifications under BGI Group, BGI Genomics' parent company, and four companies have obtained BS 10012 certifications. Risk assessment is the most difficult part of information security and privacy management systems. It requires a good understanding of the standards and the ability to practice them.

Image Credit: Wright Studio/

How does BGI Genomics ensure compliance with international quality management standards? How do the relevant certification organizations help BGI Genomics navigate the complexities of obtaining and maintaining accreditation?

BGI Genomics strictly follows the standards to set up and maintain management systems of information security and privacy. The certification organizations review BGI Genomics's management systems on-site annually to ensure they work and continue to meet the standards and criteria. 

Could you provide insight on any recent updates to ISO/IEC 27001, BS 10012, or GDPR regulations? How has BGI Genomics adjusted its practices to align with these changes?

The recent updates are ISOIE 27001:2022, BS10012:2017, and General Data Protection Regulations. BGI Genomics reviews and updates its practices to align with the changes by annual internal audit and management review.

Could you provide examples of how BGI Genomics integrates quality management and privacy security into its daily operations to build trust with customers and partners?

BGI Genomics aligns the quality management system privacy security standards to its regular practices, for example, patient consent agreement forms, setting up the storage time of test process records and electronic data, setting up the data breaching process, etc.

Image Credit: Wright Studio/

How did BGI Genomics perform in the recent inspection, and what could it do to enhance the operation?

The most recent inspection of BS 10012 was in October 2023, and the last inspection of ISO/IEC 27001was in May 2023.

The improvement plan for 2024 is as follows:

  • Update the information security management system according to ISO /IEC 27001:2022
  • Update Privacy policy and cookie policy
  • Update backup requirements for offline electronic records
  • Optimized permission management for shared disks

Where can readers find more information?

About Dr. Fu Wei

Dr. Fu Wei serves as the Director of the Quality Management Department at BGI Genomics. In 2018, Dr. Fu was recognized as a person of outstanding quality in Shenzhen by Shenzhen Association for Quality . He helped BGI Genomics HK laboratory to became the first genetic laboratory in China to achieve CAP accreditation. He helped the BGI Europe laboratory in Denmark achieve ISO 15189 and ISO/IEC 27001 certification.

About BGI Genomics

BGI Genomics is the world's leading integrated solutions provider of scientific technology services and precision medicine, to research institutions, enterprises, medical facilities, and public health organizations.

Relying on cutting-edge sequencing and bioinformatics technology, our mission is to drive technological advancement, mitigate birth defects, combat tumors, and safeguard against serious illnesses through our commitment to advancing precision medicine.


Please use one of the following formats to cite this article in your essay, paper or report:

  • APA

    BGI Genomics. (2024, April 30). Achieving and maintaining ISO/IEC 27001 and BS 10012 certifications. News-Medical. Retrieved on May 22, 2024 from

  • MLA

    BGI Genomics. "Achieving and maintaining ISO/IEC 27001 and BS 10012 certifications". News-Medical. 22 May 2024. <>.

  • Chicago

    BGI Genomics. "Achieving and maintaining ISO/IEC 27001 and BS 10012 certifications". News-Medical. (accessed May 22, 2024).

  • Harvard

    BGI Genomics. 2024. Achieving and maintaining ISO/IEC 27001 and BS 10012 certifications. News-Medical, viewed 22 May 2024,


The opinions expressed here are the views of the writer and do not necessarily reflect the views and opinions of News Medical.
Post a new comment

While we only use edited and approved content for Azthena answers, it may on occasions provide incorrect responses. Please confirm any data provided with the related suppliers or authors. We do not provide medical advice, if you search for medical information you must always consult a medical professional before acting on any information provided.

Your questions, but not your email details will be shared with OpenAI and retained for 30 days in accordance with their privacy principles.

Please do not ask questions that use sensitive or confidential information.

Read the full Terms & Conditions.

You might also like...
From China to Uzbekistan - United for Women’s Wellness on IWD