Experts in Information
Security

TRUSTED SERVICES
CREST LogoPen Test LogoOVS Mobile LogoOVS Apps Logo
PCI DSS CertificationBSI CertificationBSI Certification

ISO 27001
Consultancy
and Auditing

Guaranteed ISO 27001 certification
Tailored ISMS implementation
Highly skilled auditors
Find out more

GDPR Consultancy
and Training Specialist

Pragmatic and tailored
approach to GDPR compliance
Find out more

Leading PCI QSA
Company

Pragmatic and tailored
approach to PCI DSS
compliance
Find out more

Trusted and
Accredited
Penetration Testing

Maximising the benefits from your pen testing. Assessment tailored to your organisation’s needs. Free retest of high or critical vulnerabilities.
Find out more

URM makes
Cyber Essentials
certification easy

Achieve Cyber Essentials and Cyber Essentials Plus certification with our team of qualified experts.
Find out more

Team of Experienced
SOC 2 Consultants

If you need to comply, attest, or prepare for
a SOC 2 report (be that Type 1 or Type 2)
URM provides a full range of services.
Find out more

URM Consulting Services (URM)

URM Consulting Services (URM) is dedicated to providing high quality, cost-effective and tailored consultancy and training in the areas of information and cyber security, data protection, business continuity and risk management.

URM's mission, through its consultancy, cyber testing, auditing and training services, along with risk management software (Abriska), is to assist you achieve the levels of information security, data protection and business continuity which are commensurate with the objectives and culture of your organisation, and which also meet international standards, regulations/legislation and recognised best practice.

Having assisted over 400 organisations achieve ISO 27001 certification, URM is ideally placed to help you certify your information security management system against the Standard or transition from the 2013 version of the Standard to the 2022 version.

Find out more

URM's services include conducting data protection impact assessments (DPIAs), developing records of processing activities (ROPAs) and conducting data subject access request (DSAR) redactions.

Find out more

URM’s qualified security assessors (QSAs) pride themselves on their pragmatic approach to both compliance and assessments and will work with you to find the most appropriate and sensible way for you to meet the requirements of the Standard, including v4.0.

Find out more

As an accredited Cyber Advisor (Cyber Essentials) and Certification Body, URM is ideally placed to provide you with reliable and cost effective cyber security advice and help you achieve Cyber Essentials and Cyber Essentials Plus certification.

Find out more

As a CREST-accredited organisation, URM is able to provide penetration testing services against all assets associated with your organisation, location or service, e.g., external and internal networks, cloud environments, web or mobile applications.

Find out more

If you’re looking to understand whether SOC 2 is the right approach for you, what efforts are required to comply or attest, or prepare for a SOC 2 report (be that Type 1 or Type 2), URM can provide you with a full range of services.

Find out more

Bollin Group

URM provided Bollin Group with comprehensive support in strengthening its cyber and information security posture. This included providing expert guidance in relation to governance, risk management, and compliance, helping Bollin Group achieve Cyber Essentials certification and ISO 27001 certification. URM's consultants took a pragmatic, risk-based approach, ensuring that security measures were embedded seamlessly into business operations at a sustainable pace. Their tailored advice, combined with the two organisations’ shared values of integrity and corporate responsibility, fostered a strong partnership which enabled Bollin Group to enhance its resilience against cyber threats while maintaining operational efficiency.

Read more
Our experts are the ones to trust
when it comes to your cyber security
CREST LogoPen Test LogoOVS Mobile LogoOVS Apps Logo
PCI DSS CertificationBSI CertificationBSI Certification
Webinar

GDPR for Small and Medium-Sized Enterprises (SMEs)

11:00 am
,
Wednesday
25
June
2025

Drawing upon our extensive experience supporting SMEs, to comply with the GDPR, URM will explain your regulatory obligations as an SME, and offer essential advice on how to stay compliant with limited resources.

Read more
USB stick, Padlock, Keys
Webinar

Cyber Essentials and Cyber Essentials Plus – How Recent Changes May Affect Your Organisation

11:00 am
,
Wednesday
16
July
2025

URM will break down the recent changes to the scheme, discuss their practical impact on organisations, and answer your key questions about achieving and maintaining certification.

Read more
USB stick, Padlock, Keys
Webinar

Beyond ISO 27001 - DORA and NIS 2

11:00 am
,
Wednesday
22
October
2025

URM and DNV will provide an overview of the Digital Operational Resilience Act (DORA) and the Network and Information Systems Directive 2 (NIS 2), two key components of the European Union's strategy to enhance cybersecurity and operational resilience across various sectors.

Read more
USB stick, Padlock, Keys

ISO 9001:2015 Clause 8.3: Design and Development

Sue West
|
Senior Consultant and Auditor at URM
Published
29
May
2025

URM’s blog explains Clause 8.3 of ISO 9001, its applicability, and the key considerations and practical steps required for conformance to this Clause.

Read more
Thumbnail of the Blog Illustration
Information Security
Published
23/5/2025
ISO 27001:2022 - A.5 Organisational Controls (Legal, Regulatory and Contractual)

URM’s blog explains the legal, regulatory & contractual controls in ISO 27001 & how they can be implemented in full conformance with the Standard.

Read more
Thumbnail of the Blog Illustration
Information Security
Published
16/5/2025
ISO 27001:2022 - A.5 Organisational Controls (Information Security Management)

URM explains the 8 information security management controls included within the ‘Organisational controls’ theme and how to prepare for an audit of each control

Read more
Thumbnail of the Blog Illustration
Information Security
Published
9/5/2025
ISO 27001:2022 - A.5 Organisational Controls (Access Management)

URM’s blog explores why the access controls in ISO 27001 matter, and how to implement each control in full conformance with both the Standard and best practice.

Read more
"
Without URM, we would not of achieved its certification goals.
Director, Havas People