Home
>
About
ABOUT

About URM

OverviewURM’s Core ValuesBrief HistoryCertificationsOffice working hoursContact information

URM’s mission and approach


URM Consulting Services Limited (URM) is dedicated to providing high quality, cost-effective and tailored consultancy and training in the areas of information and cyber security, data protection, business continuity and risk management.

URM's mission, through our consultancy, cyber testing, auditing and training services along with our risk management software (Abriska), is to assist organisations achieve the levels of information security, data protection and business continuity which are commensurate with the objectives and culture of their organisation and which also meet international standards, regulations/legislation and recognised best practice.

We aim to achieve this through our collaborative, partnership approach.  URM has always striven to become a valued partner by aligning closely with our clients’ business objectives, understanding their unique risk profiles and appetites, and delivering tailored, proactive and sustainable solutions.  At the centre of this is strong communication and liaison to ensure that security strategies continue to evolve with our clients’ business.  Our goal/approach is very much based on fostering trust through transparency, reliability, knowledge sharing and achieving measurable results.

The partnership approach URM takes is genuine. Our relationship with URM is not hard-nosed or overly commercialised, and feels much closer to a partnership arrangement than any other security consultancy providers we have worked with. If we had a new piece of work that we needed external help with, URM would be our first port of call for assistance.
UK-based university

URM’s consultants


URM's 35+ strong team of information security, cyber security, data protection, risk management and business continuity consultants comprises some of the most skilled practitioners in the UK, who possess extensive implementation experience and sector relevant qualifications such as Certified Information Security Manager (CISM),  Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) PCI Qualified Security Assessor, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, Certificate in Data Protection, Certified Red Team Operator (CRTO), Offensive Security Certified Professional (OSCP) and CREST Registered Tester (CRT).

It is the calibre of its consultants, be they risk managers, penetration testers, GDPR specialists, Cyber Essentials assessors, ISO 27001 implementers and auditors, combined with its Abriska risk management software, that sets URM apart from its competitors.
Brand distributor

Consultancy and remediation


URM’s involvement with ISO 27001 and information security goes right back to the launch of the Standard in 2005, where it became one of the first organisations to certify against the Standard. We have now been involved in assisting well over 400 organisations to successfully certify (and no failures!) to the Standard and be in a position to maintain that certification.  Since that time, URM has broadened its area of expertise both in terms of other information security standards (PCI DSS, SOC 2, NIST, CMMC and Gambling Commission (RTS) and other ISO Standards such as 22301 (business continuity) 9001 (quality) 20001 (service management) and 13845 (medical devices).  URM is particularly adept at integrating management system standards into a single unified management system.

Our qualifications

Practising what it preaches, URM has its own integrated management systems and has been certified to both ISO 27001 and ISO 22301 (certificate BCMS 594364) since they were first introduced.  The Company also became one of the first organisations in the UK to transition its certification to ISO 27001:2022 (certificate IS 536976).  URM is also a Payment Card Industry Qualified Security Assessor Company (QSAC) which allows it to perform formal assessments of conformance with the PCI Data Security Standard (DSS).

PCI DSS CertificationCyber Essentials CertificationBSI CertificationBSI Certification

Audit and certification capabilities


As well as providing consultancy and remediation services, URM is one of the UK’s leading auditors of information and cyber security systems and delivers first-party audits (conducting internal audits of your ISMS) second-party audits (conducting audits of your suppliers) and third-party audits (PCI DSS and Cyber Essentials).  With the latter, URM has been qualified as a Payment Card Industry Qualified Security Assessor (PCI QSA) by the PCI Security Standards Council (PCI SSC) to assess organisations' compliance to the Payment Card Industry Data Security Standard (PCI DSS).  In addition, URM has also been accredited as a certification body by IASME to certify against the Government’s Cyber Essentials Scheme, both Cyber Essentials (certificate IASME-CE-014362) and Cyber Essentials Plus certificate (IASME-CEP-003133).

Our Quality and Regulatory Manager has stated how impressed they are with our auditor’s approach, conduct and output during the recent internal audits.
Medical technology developer

Data protection


Data protection is another area where URM excels.  With a 17-year track record assisting organisations to comply with legislation such as the Data Protection Act, the GDPR and local country-specific legislation, URM has earned a reputation for adopting a pragmatic and business appropriate approach which will enable you to embed data protection practices in business as usual.

Thank you to the URM DP consultant for continuously making our days and plans more manageable. We value his commitment, his patience and his going beyond of what is expected over and over again. We would also like to commend his contagious passion for privacy and thank him and the URM Team for all they do.
US-based university

Cybersecurity


To fully complement all of our governance, risk and compliance services is our cybersecurity consulting and  testing offering to help you identify threats to your information assets.  URM is a CREST-accredited organisation and delivers a wide range of penetration tests, including infrastructure and network, web application, mobile application and Cloud.  By combining cutting edge penetration tests with its governance, risk and compliance services, URM provides a holistic set of policy, process, technical and training solutions to help you address your security weaknesses. We were also one of the first organisations to achieve accreditation to the CREST OVS programme, meaning we are able to deliver Level 1 and Level 2 ASVS and MASVS assessments for web and mobile applications.

We have been a partner with URM Consulting for many years. They offer a great service and are a team of real experts in all things cyber security.
IT support company

Risk management


Risk management is the cornerstone of any information security or business continuity management system and, since 2002, URM has been developing and refining its risk assessment methodologies and processes to address the requirements of international standards.  Our suite of purpose-designed risk assessment software products (Abriska) can help you not only satisfy the requirements of ISO 27001 and ISO 22301, but enable you to make better-informed decisions as to which people/policy/process/technical controls to implement. Abriska has underpinned approximately nearly 400 successful ISO certifications.

It’s one thing having the required technical knowledge, it’s another thing for a consultant to apply that knowledge to the context of our organisation. To use a sporting analogy, we view cyber and information security as a marathon not a sprint. I am not a believer in doing everything all at once. Our approach has been risk based and incremental, remediating our biggest risks first before moving on. I believe this approach is far more sustainable and effective. And URM’s consultants fully understand this and are very pragmatic and tailored in their guidance and advice. They know we are not implementing ISO 27001 purely for the certificate, but more as a framework for continual improvement, and at a pace where new systems and processes can be fully understood and absorbed by our team and be business as usual.
Brand distributor

URM’s Core Values

URM has a number of values which reflect who we are and act as our guiding principles as we continue to grow.

Quality Driven

Our goal from day one has been to aspire to the highest levels of quality when delivering services and products to our clients, and to strive to constantly exceed expectations. We are uncompromising in our focus on consistently delivering excellence and taking pride in what we do.

We were impressed with the implementation and management of the Abriska tool. The service we have received is of a high quality due to the Team’s attention to detail, proactiveness and implementation of enhancement requests from the dev side. The Board is also impressed with the tool and is looking to complete an organisation-wide implementation soon. We will definitely recommend other charity contacts to use the tool, as it is well priced and comes with excellent customer service.
Charity

Always Trustworthy

We endeavour to adhere to the highest standards of integrity and fiscal responsibility. We will always honour our commitments and act in the best interests of our clients. Equally, URM will be honest with both clients and employees alike and, if asked if we can do something that we know we can’t, we will say so. As an employer and partner, we pride ourselves on being fair, honest, transparent, thoughtful and respectful.

URM have quickly become a trusted partner who we can rely on for expertise. They've provided a great service since the first day we started working with them and their staff are really knowledgeable, friendly and helpful.
Metallurgy company

Responsive and Flexible

We believe our flexible, customer-centric approach is a major differentiator vis-a-vis our competitors. Our clients and partners can, for example, always expect a prompt and efficient response to any enquiry and for URM to be creative and resourceful in meeting their needs.

Everything went as planned, our consultant was very professional, displayed flexibility when needed, and his approach was greatly appreciated!
Visulisation studio

Continually improving

Within URM, there is a determination and tenacity to continually improve our processes, services and products. We constantly endeavour to find ways of becoming more effective, efficient and innovative, no matter how marginal those improvements may be. Clients can be assured that they are working with an organisation which is never complacent and is one that is free of arrogance and ego. We value and encourage feedback, so that we can fully understand where we need to improve and implement those changes.

Supportive Nature

With our strong team and collaborative working culture, URM can be relied upon for our support and resilience capabilities. We have strength in depth and will always aim to provide back up to the lead consultants. We are totally committed to sharing our knowledge and skills to improve the competence of our clients and our own team.

Working with the URM team to achieve Cyber Essentials Plus for Cisilion was a seamless and highly professional experience. Their expertise, clear guidance, and proactive approach ensured we met all the necessary security standards with confidence. URM's consultant's in-depth knowledge and support made the entire process smooth and efficient, helping us strengthen our cybersecurity posture. We highly recommend URM for their exceptional service and commitment to excellence!
IT services and solutions provider

Expertise Assured

The quality of our services is inextricably linked to the expertise of our consultants, trainers and product developers. We are very proud of our recruitment and retention of a number of the UK’s leading practitioners within their respective fields. URM’s consultants are renowned not just for their technical knowledge, but their ability to apply and communicate that knowledge. The enthusiasm and passion for their subject is infectious.

URM have carried out our PCI DSS assessments for nearly 10 years. During that time they have shown expertise and commitment in helping us reach our goals. Last year we decided to go for Cyber Essentials Plus and had no hesitation in getting URM to assess us for that.
Contact centre software provider

Brief History

Starting as an information security division within a technical solution provider in 2002, we were established as a separate legal entity, Ultima Risk Management Ltd, three years later in July 2005.

Since 2005, URM has grown consistently and organically, establishing itself as one of UK’s leading GRC and cybersecurity testing providers.  

In August 2019, the name of the company was changed to URM Consulting Services Limited (URM) to match its recognised brand name.

Certifications

URM is Certified to:
ISO 27001:2022 (certificate IS 536976)*
ISO 22301:2019 (certificate BCMS 594364)
Cyber Essentials (certificate IASME-CE-014362)
Cyber Essentials Plus (certificate IASME-CEP-003133)
URM is also CREST accredited as a penetration testing service provider

*In April 2023, URM became one of the first companies in the UK to certify to ISO 27001:2022

Office working hours
Contact information
Our experts are the ones to trust
when it comes to your cyber security
CREST LogoPen Test LogoOVS Mobile LogoOVS Apps Logo
PCI DSS CertificationCyber Essentials CertificationBSI CertificationBSI Certification
Read Latest Case Study
Related Pages
ABOUT URM
Terms of Business

By accessing URM's Web pages you agree to the following terms. If you do not agree to the following terms, please notice that you are not allowed to use the site.

Read more
ABOUT URM
Privacy Policy

Your privacy is of great importance to us. This Privacy Policy is designed to give you a clear explanation of our data processing policies and how we process your information in support of the delivery of our services.

Read more
ABOUT URM
Cookie Policy

New European privacy laws have come into force in the UK which require websites to obtain consent when placing cookies' on visitors computers, mobiles or other devices. This is intended to give internet users more control over the data that websites gather.

Read more
Services
Training
Consultancy
Products
About URM
About URM
URM Data Sheets
Contact URM
URM White papers
Case Studies
URM Blog
Collaboration
Secure File Portal (SFP)
Partner with URM
Subscribe to Mailing List
© Copyright 2024 URM Consulting Services Ltd. All Rights Reserved.
|
Privacy Policy
|
Cookies
|
Terms of Business