Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on Transitioning to ISO 27001:2022 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

NIST Consultancy Services

Since 2002, URM can support your organisation by assisting with each of the 7-step CSF implementation process.

Consultancy Services

Since 2002, URM can support your organisation by assisting with each of the 7-step CSF implementation process or specific steps as follows:

Step 1 – Prioritise and scope.  The first step is to identify your business objectives and high-level priorities.  This information helps inform the scope of the systems and assets which support the business processes, as well as making strategic decisions concerning cybersecurity implementation.  It is crucial that all of your critical systems and assets are identified so that their protection can be prioritised.

Step 2 – Orient.  After defining the scope of your cybersecurity programme, URM will assist you in identifying the relevant systems and assets, regulatory requirements and the overall risk approach.  This is followed by the identification of threats and vulnerabilities which relate to the systems and assets identified in the scope.

Step 3 – Create a current profile.  With this step you need to identify your current profile specifying what security controls have been implemented and what outcomes have been achieved.  When looking at the outcomes, you will need to use the Categories and Subcategories from the Framework Core to define which outcomes are being fully or partially achieved.  This baseline will help you plan the next steps.

Step 4 – Conduct a risk assessment.  Having created a current profile, URM will help you conduct a risk assessment analysing the impact and likelihood of a cybersecurity breach.

Step 5 – Create a target profile. You will now be in a position to create a Target Profile.  Here, URM will support you focussing on your Categories and Subcategories and setting targets for your desired cybersecurity outcomes incorporating your organisation’s risk appetite.  

Step 6 – Determine, analyse and prioritise gaps.  This step includes the creation of a prioritised action plan to close the control gaps between your Current and Target Profiles, reflecting your organisation’s drivers, costs, benefits and risks.  You will also need to decide on what resources will be needed to close the gaps.

Step 7 – Implement action plan.  Having set priorities for addressing gaps between your Current and Target Profiles, it is now a case of implementing security controls and control activities in order to achieve the target profile.  The target profile comprises 108 Subcategories which are outcome-driven statements that reflect the improvement of your organisation’s cybersecurity programme.

Get in touch

Please note, we can only process business email addresses.

Why URM for NIST?


Track record

URM has a 19-year track record of providing high-quality consultancy and training support, assisting organisations improve their information and cyber security, as well as information governance posture and capabilities.  A particular niche skill is helping organisations to conform or certify to ‘best practice’ international (IS) standards such as SOC 2 and ISO 27001.  URM is particularly adept at developing existing frameworks to meet the requirements of these standards or building on existing ISO 27001 ISMS’ to achieve NIST conformance.  Having assisted over 400 organisations to achieve world-recognised standards, URM has worked with organisations of all sizes from micro businesses to multi-national organisations and from all the major market sectors.

Tailored approach

URM is renowned for adopting a highly tailored and bespoke service where its consultants are constantly striving to deliver sustainable solutions that meet both the current and future needs of the client organisation.

Flexible delivery

When transferring knowledge on meeting the requirements of NIST, URM can deliver this through various delivery mechanisms, i.e., through one-to-one support, workshops or training courses.  Furthermore, when delivering remediation services to address gaps, URM’s support is tailored and flexible, based on the client’s requirements, internal knowledge and available resources.  Support can be delivered on an activity-per-activity basis or where a consultant is allocated on a recurring basis, e.g., 1 day a week.   As such, the engagements help to ensure that remediation activities are followed through, remain compliant and that sufficient evidence for the audit is generated.

Information Security FAQISO 27001 FAQ

Developing an ISO 27001 Information Security Policy

Published on
5/11/2024

URM’s blog discusses how to develop and implement an information security policy that fully conforms to both your organisation’s and ISO 27001 requirements.

Read more
Thumbnail of the Blog Illustration
Internal Audit
Published on
18/10/2024
Internal Auditing of Management Systems

URM’s blog explains how to plan and execute effective and conformant internal audits of management systems at each stage of the internal audit process.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
4/10/2024
Implementing and Auditing ‘People Controls’ from ISO 27001:2022

URM’s blog explains why ‘people’ warrants its own control theme in ISO 27001 and how to prepare for a people controls audit, offering advice for each control.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
20/9/2024
ISO 27002, the Unsung Hero

URM’s blog explains what ISO 27002 is, how it can benefit your organisation, & how you can use it to support your implementation of an ISO 27001-conformant ISMS

Read more
"
After a bad experience with a previous provider, we looked to URM for QSA support. The URM QSA we have worked with is phenomenal, and considerably better than our previous QSAs. My team enjoy working with him, and find him to be extremely credible and effective. Whenever we have asked our QSA and account manager whether additional work is required outside of the annual cycle, there has never been a hard sell of any of URM’s services, and instead offer advice based on our compliance requirements and business needs. Our URM QSA always consults with the aim of making compliance as straightforward as possible, and pointed us towards a way of significantly minimising and streamlining our assessment scope that neither we nor our previous PCI DSS consultancy provider had considered.
CISO at University of Surrey
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.