info@urmconsulting.com

Consultancy and Services

Information Security

ISO 27001

What is ISO 27001?Gap Analysis Risk Assessment Implementation Consultancy Services

PCI DSS

What is PCI DSS?Penetration Testing Scope Reduction Gap Analysis Implementation Assessment and Auditing Consultancy Services

Artificial Intelligence

ISO 42001 Gap Analysis Implementation Internal Audits EU AI Act NIST AI RMF

SOC 2

What is SOC 2?Gap Analysis Remediation Audit and Assessment Training Consultancy Services

CMMC

What is CMMC?Gap Analysis Implementation Assessment Consultancy Services

DORA

Gap Analysis Consultancy Services

GC RTS

What is GC RTS?Gap Analysis Implementation Assessment Consultancy Services

SWIFT CSP

What is SWIFT CSP?Gap Analysis Implementation Assessment and Auditing Consultancy Services

NIST CSF

What is NIST CSF?Implementation Assessment Consultancy Services

Information Security Consultancy Services

ISO 27001 Image

URM provides consultancy services on:

Cyber Security

penetration testing

Penetration Testing

What is Pen Testing?Network and Infrastructure Web Application Cloud Mobile Application Business-led Services

Cyber security Services

Cyber Security Headline Assessment

Cyber Essentials

Cyber Essentials

What is Cyber Essentials?Assessment Gap Analysis Application Review Cyber Essentials Plus Cyber Advisor Certified by URM Consultancy Services

DCC

Gap Analysis Implementation Support Consultancy Services

cyber security

NIS 2

What is NIS 2?Services

Vulnerability Scanning

What is it?ASV Scanning Services

Social Engineering

What is Social Engineering?Penetration Testing Services

Incident Response

What is Incident Response?Cyber Incident Exercise Services

Cyber Security Services

URM provides services on:

Penetration Testing

Cyber Essentials

Vulnerability Scanning

Social Engineering

Incident Response

Data Protection

Data Protection

A set of practices, laws, and policies designed to safeguard personal data from unauthorised access, misuse, disclosure, destruction, or loss.

A comprehensive data protection law designed to protect personal data and privacy rights in the EU and the UK.

DUAA Compliance Support

URM helps organisations assess and strengthen their compliance with the new DUAA requirements by carrying out a structured gap analysis of current data protection practice

Helps identify the "gaps" or areas where the organisation is not meeting GDPR standards.

A process that helps identify and address privacy risks in data processing activities.

A fundamental requirement that helps maintain transparency, accountability, and compliance in data processing activities.

An effective solution for organisations seeking to comply with GDPR requirements without the need for a full-time, in-house data protection officer.

A mechanism that allows individuals to request access to the personal data that an organisation holds about them.

Awareness Training

A critical component of an organisation's data protection strategy.

The STAIRs Standard

The STAIRs standard grants tenants of private sector social housing landlords the right to request a broad range of non-personal information.

Data Protection Consultancy and Services

URM provides consultancy and services on:

GDPR Gap Analysis

GDPR Training and Awareness

Business Continuity

Business Continuity

Processes and procedures an organisation implements to ensure that essential functions can continue during and after a disaster or disruption.

An international standard for Business Continuity Management Systems (BCMS). It provides a framework and guidelines for organisations to prepare for, respond to, and recover from disruptive incidents.

ISO 22301 Gap Analysis

Evaluates an organisation's business continuity management practices against the requirements of the ISO 22301 standard.

ISO 22301 Implementation

The process of establishing, operating, monitoring, reviewing, and continually improving a BCMS in accordance with the ISO 22301 standard

Business Impact Analysis

A systematic process used to identify and evaluate the potential effects of disruptions to critical business operations.

Business Continuity Plan

A comprehensive document that outlines the procedures and actions to ensure that critical business functions can continue during and after a disruptive incident.

Testing and validating BC plans through various types of drills and exercises.

Business Continuity Consultancy and Services

URM provides consultancy and services on:

ISO 22301 Gap Analysis

ISO 22301 Implementation

Business Impact Analysis

Business Continuity Plans

Exercising BCPs and IMPs

Internal Audit

An independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Outsourced Service

The practice of an organisation hiring an external service provider to perform internal audit activities instead of using its in-house audit team.

Audit Schedules

Planned timetable and sequence of audit activities to be conducted over a specific period, usually a year.

Third Party Audit

An independent evaluation conducted by an external organisation or auditor that is not affiliated with the company being audited.

Internal Audit Consultancy and Services

URM provides consultancy and services on:

Audit Schedules

Third Party Audit

Other Standards

Standard for quality management systems (QMS). It is part of the ISO 9000 family of standards and provides a framework for organisations to ensure they meet the needs and expectations of their customers and other stakeholders.

ISO 13485 is the standard for medical device quality management system (MDQMS) that is intended to support the design, development and support of medical devices which meet applicable regulatory requirements and do no harm to patients.

Standard is designed to ensure that AI technologies are developed, deployed, and maintained in a responsible, transparent, and ethical manner. It addresses various challenges associated with AI, including risk management, ethical considerations, transparency, and continuous learning.

Other Standards Consultancy and Services

URM provides consultancy and services on:

Products

Information Security Risk Management Software

Audit and Action Management Software

Supplier Risk Management Software

Business Continuity Management Software

Enterprise Risk Management Software

Online Awareness Training Tool

Training

Information Security

Explores how to manage information and cyber security and address ever-evolving threats and changes.

Introduction to ISO 27001

Provides essential guidance on how organisations can most effectively improve their information security.

Migration to ISO 27002

Explores the changes to ISO 27002 and to Annex A of ISO 27001, and how to implement the new controls.

Transition to ISO 27001

Addresses transitioning both an ISMS and information security controls to ISO 27001:2022.

Data Protection and GDPR

Provides a practical understanding of UK data protection law, including the UK GDPR.

Addresses all aspects of performing a DPIA and provides you with confidence in your approach.

Provides clear and practical instruction on dealing with all aspects of a DSAR.

Enhances your understanding of how to conduct a successful and compliant TRA/DTIA.

risk Management

Addresses all key aspects of information risk management, risk assessments and risk treatment plans.

other standards

Introduction to ISO 42001

Provides essential guidance to organisations looking to implement an AI management system (AIMS).

Training Schedule

Upcoming Courses:

February 18, 2026

1 Day Introduction to ISO 27001 including Annex A Controls

How to Manage Data Subject Access Requests (DSARs)

Introduction to PCI DSS

Resources

Podcasts

InfoSec Insider

FAQs

White Papers

Data Sheets

Case Studies

Quiz

Video Library

Recent Case Study

Case Study

Smarter Technologies

With the support of URM’s team, Smarter Technologies has implemented robust, sustainable practices that align with its operational goals and values

Blogs

Rachael Salter

Managing DSARs and Other Data Subject Rights

George Ryan

NHS Cyber Security Open Letter: What Does it Mean for Suppliers?

Mark O'Kane

The Core Functions of NIST CSF: Identify

Stuart Skelly

Analysis of Enforcement Action by the ICO in 2025 – Actions Way Down, Security Data Breach Fines Way Up

Stuart Skelly

Ten Top Tips for Achieving GDPR Compliance

Thumbnail of the Blog Illustration

Cyber Security

George Ryan

NHS Cyber Security Open Letter: What Does it Mean for Suppliers?

URM’s blog explains the recent open letter to suppliers issued by the NHS, what it means, why it matters, and the practical steps you can take to prepare.

About Us

About URM

URM Core Values

Testimonials

Partners

Subscribe to our mailing list

Legal Tech

Required solution for any office

The platform helps every office achieve its big goals and ambitions.

Visit website:

https://legal-tech.bg

Consultancy and Services

Information Security

Data Protection

Business Continuity

Other Standards

Company

Resources

Subscribe to our mailing list

Stay up to date on events and industry updates.

We care about your data in our privacy policy.

© Copyright 2026 URM Consulting Services Ltd. All Rights Reserved.

Terms of Business Privacy Policy Cookies