Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on Transitioning to ISO 27001:2022 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

Podcasts

InfoSec Insider

InfoSec Insider

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more.  In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA).  Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.

Talk Cyber
Season
1
, Episode
18

Mitigating Cyber Risks

In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, breaks down the current state of cyber security in the modern business landscape and the common cyber security failings and challenges he sees organisations face, as well as offering key advice and guidance on what organisations can do to protect against these threats.  George leverages his extensive experience assisting organisations to enhance their cyber security to discuss:

  • The current cyber security landscape and the common security pitfalls that are leading to an upward trend in cyber security incidents
  • How the cyber security landscape is likely to evolve in the future as a result of ongoing technological developments, such as in the field of artificial intelligence (AI)
  • How organisations can protect themselves against these threats and the benefits of certifying to the Cyber Essentials scheme to do so.
Learn more about this topic
InfoSec Insider
Season
1
, Episode
17

Mistakes to Avoid When Implementing & Maintaining an ISO 27001 ISMS

In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, breaks down the common mistakes and challenges organisations come up against on both sides of their certification assessment, i.e., before the external assessment when the Information Security Management System (ISMS) is first being implemented, and after certification has been achieved and the ISMS is being maintained.  Wayne leverages his 30+ years of experience in information security and risk management to discuss:

  • The mistakes he frequently sees organisations make when implementing ISO 27001 and preparing to certify
  • The common mistakes organisations make in maintaining their ISMS and ISO 27001 certification
  • New common pitfalls he has seen regarding organisations’ implementation of the 2022 version of the Standard
  • Challenges and mistakes that organisations from particular industries and sectors should look out for.
Learn more about this topic
Talk DP
Season
1
, Episode
16

Who Needs a ROPA and Why?

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, explains records of processing activities (ROPAs), a key document that almost every organisation must create and maintain in order to comply with the General Data Protection Regulation (GDPR).  Stuart leverages his 25+ years of specialisation in data protection law to discuss:

  • What a ROPA is, which organisations need to have one
  • The advantages of having a ROPA in place and how this can benefit your GDPR compliance efforts
  • Who within an organisation needs to create the ROPA
  • The challenges associated with producing a ROPA and how these can be overcome
  • Whether you should first produce a data flow map before embarking on the ROPA
  • The next steps after the ROPA has been built.
Learn more about this topic
InfoSec Insider
Season
1
, Episode
15

ISO 42001 and AI Perspectives

In this episode of InfoSec Insider, Neil Jones, Senior Consultant at URM, breaks down the purpose and structure of the recently released ISO 42001, the International Standard for Artificial Intelligence Management Systems (AIMS), as well as explaining the Standard’s use of AI ‘perspectives’.  Neil leverages his 20+ years’ working with a range of risk and information security-related standards to discuss:  

  • What ISO 42001 is intended for, and what it is not
  • How ISO 42001 is structured, and how it compares to other standards written in the ‘Harmonised Structure’
  • What an AIMS is
  • How you can establish the ‘trustworthiness’ of an AI system and how this concept is articulated through ‘AI perspectives’ in ISO 42001.
Learn more about this topic
Talk DP
Season
1
, Episode
14

Data Protection Considerations for Monitoring Employees

In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Data Protection Consultant at URM, explores the challenges of maintaining data protection compliance whilst conducting workplace monitoring, particularly in light of the workforce’s ever-increasing mobility, and how these challenges can be overcome.  Martin leverages his 20+ years of experience in information management and data protection compliance to discuss:

  • The definition of workplace monitoring and recent advances in monitoring technology
  • How to establish whether workplace monitoring complies with data protection legislation, such as the General Data Protection Regulation (GDPR)
  • The need to demonstrate fairness and transparency
  • Objections employees are entitled to make under the GDPR
  • Whether covert monitoring and automated decision making can be compliant
  • Balancing compliance and ethics when carrying out workplace monitoring.
Learn more about this topic
InfoSec Insider
Season
1
, Episode
13

What is the CIA Security Triad?

In this episode of InfoSec Insider, Les Krause-Whiteing, Senior Consultant at URM, breaks down the concepts of confidentiality, integrity and availability (CIA), the 3 fundamental principles on which strong information security is built, and why they are so important to the effective and comprehensive information security management.  Les draws upon his extensive experience helping organisations enhance their information security to discuss:  

  • What the CIA security triad is
  • How the principles of CIA tie into ISO 27001, and how they can help you meet the requirements of the Standard
  • Real-world examples of CIA not being maintained and the subsequent consequences  
  • How to maintain the CIA of your organisation’s information.
Learn more about this topic
Talk DP
Season
1
, Episode
12

Data Protection Considerations for Artificial Intelligence (AI)

In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Data Protection Consultant at URM, explores some of the considerations and challenges of maintaining compliance with data protection legislation, such as the General Data Protection Regulation (GDPR), when developing and deploying artificial intelligence (AI) technology.  Martin leverages his 20+ years of experience in information management and data protection compliance to discuss:  

  • The definition of AI  
  • How the UK legislative framework around AI is evolving
  • The challenges associated with maintaining data protection compliance whilst developing and using AI, particularly in light of the GDPR’s 7 core principles
  • What you can do to overcome these challenges and achieve data protection compliance in AI systems.
Learn more about this topic
InfoSec Insider
Season
1
, Episode
11

ISO, IAF and Climate Change Considerations

In this episode of InfoSec Insider, Stuart Moran, Senior Consultant at URM, explores the addition of climate change considerations to 31 management system standards by the International Standards Organization (ISO) and the International Accreditation Forum (IAF).  Stuart draws upon more than 20 years of experience working with a wide range of ISO management system standards to discuss:  

  • What the ISO/IAF climate change amendment is  
  • How different industries might face unique challenges in integrating climate change considerations into their existing ISO management systems  
  • How you can leverage technology to enhance your climate change conformance efforts considering the increased focus on AI and cloud services in ISO standards
  • The future trends to anticipate given the evolving landscape of climate change regulations, and how you can prepare to adapt your management systems accordingly.
Learn more about this topic
Talk DP
Season
1
, Episode
10

Top Tips for GDPR Compliance

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Data Protection Consultant at URM, provides some hints and tips on how to achieve and maintain compliance with the General Data Protection Regulation (GDPR), with a particular focus on the key documentation organisations need to have in place to comply.  Stuart leverages over 25 years of experience to discuss:

  • The importance of maintaining documented evidence of your GDPR compliance under the ‘accountability’ principle
  • Some of the key compliance documentation you need to produce, including records of processing activities (RoPAs) data protection impact assessments (DPIAs), privacy notices and personal data retention policies  
  • What information you will need to include in these documents  
  • When these documents are mandatory and whether any organisations are exempt from producing them.
Learn more about this topic
InfoSec Insider
Season
1
, Episode
9

Common Pitfalls with ISO 27001

In this episode of InfoSec Insider, Frazer Grudgings, Senior Consultant at URM, highlights the common pitfalls and mistakes he frequently sees organisations make when implementing ISO 27001, and explores the steps you can take to avoid these pitfalls.  Frazer draws upon his 15+ years of experience assisting organisations to implement ISO 27001 to discuss:  

  • The most common mistakes made and challenges faced by organisations implementing ISO 27001
  • How to avoid making these mistakes and ensure your ISO 27001 implementation and certification process is as smooth and seamless as possible  
  • Where you can look for help and support with your ISO 27001 implementation, both within your organisation and externally.
Learn more about this topic
Talk DP
Season
1
, Episode
8

Facial Recognition Technology

In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Consultant at URM, explores the key challenges of and considerations for maintaining data protection compliance when using facial recognition technology (FRT).  Martin leverages his 20+ years of specialism in information management and data protection to discuss:  

  • The different types of FRT and what they are used for
  • Real-world examples of FRT deployments by organisations and of an organisation facing enforcement action for noncompliant FRT deployment  
  • The challenges associated with using facial recognition technology for organisations that need to comply with the General Data Protection Regulation (GDPR)
  • How you can ensure that your use of FRT is GDPR compliant.
Learn more about this topic
InfoSec Insider
Season
1
, Episode
7

ISO 9001 Implementation

In this episode of InfoSec Insider, Sue West, one of URM’s Senior Consultants, breaks down 2 of her ‘golden rules’ for successful implementation of ISO 9001, the International Standard for Quality Management Systems (QMS’).  Sue leverages more than 25 years of experience establishing, managing and auditing QMS’ to provide key insights on:  

  • The meaning of top management ‘leadership and commitment’ in the context of ISO 9001 and why it is important to the success of an ISO 9001 implementation project
  • How management can effectively demonstrate leadership and commitment to the QMS when implementing ISO 9001  
  • The importance of ensuring that the QMS is tailored to the organisation and its operations
  • What the ‘Process Approach’ means and how it can be used to build an effective, ISO 9001-conformant QMS.
Learn more about this topic
Talk DP
Season
1
, Episode
6

Fines Imposed by the ICO in 2023

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, provides a break down and analysis of the enforcement actions delivered since the beginning of 2023 by the Information Commissioner’s Office (ICO), the UK’s privacy regulator, to highlight emerging trends and lessons that can be learned from how the ICO enforces data protection legislation such as the UK General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR).  Stuart leverages his 25+ years of specialisation in data protection law to discuss:

  • The differences between the enforcement actions that are available to the ICO, i.e., Enforcement Notices, Reprimands, and Monetary Penalties
  • The ICO’s enforcement activities in 2023 – the amount of fines compared to reprimands, and the sums of money involved
  • The ICO’s enforcement activities in the first half of 2024 and how they compare to the same period in 2023
  • Trends that can be observed in the ICO’s enforcement activities and the ICO’s approach to issuing fines vs. reprimands  
  • How the ICO’s use of monetary penalties compares to its European counterparts.

Learn more about this topic
InfoSec Insider
Season
1
, Episode
5

PCI DSS – New Requirements for E-Commerce

In this episode of InfoSec Insider, Alastair Stewart, Payment Card Industry Qualified Security Assessor (PCI QSA) and Senior Consultant at URM, explores some of the new requirements for e-commerce pages in version 4.0 of the PCI Data Security Standard (PCI DSS), providing valuable advice and guidance on what organisations can do to remain PCI DSS compliant as they transition to v4.0.  Alastair leverages his 10+ years of experience assisting organisations to comply with the PCI DSS to discuss:  

  • What the new requirements are for e-commerce pages in PCI DSS v4.0
  • How organisations can go about meeting the new requirements
  • Which organisations the new requirements for e-commerce pages will and will not be applicable to
  • How challenging it will be for organisations to meet the new requirements
  • Why the new requirements have been introduced
  • Which of the new requirements for e-commerce pages have been added to the self-assessment questionnaires (SAQs) and which SAQs they have been added to.  

Learn more about this topic
Talk DP
Season
1
, Episode
4

Everything You Need to Know About DSARs

In this episode of InfoSec Insider – Talk DP, Rachael Salter, Senior Data Protection Consultant at URM, discusses organisations’ obligations under the General Data Protection Regulation (GDPR) when fulfilling data subject access requests (DSARs) and the challenges associated with processing these requests.  Rachael leverages her 10+ years of experience working in data protection compliance to provide advice and guidance on:  

  • What a DSAR is and how to recognise one
  • When organisations are required to redact information from the personal data provided to the data subject
  • When organisations can refuse to process a DSAR and what ‘manifestly unfounded or excessive’ means in practice.
Learn more about this topic
InfoSec Insider
Season
1
, Episode
3

Certificate in Information Security Management Principles (CISMP) Training Course Explained

In the episode of InfoSec Insider Wayne Armstrong, Senior Information Security Consultant at URM, discusses the Certificate in Information Security Management Principles (CISMP), a BCS managed, foundation-level information security qualification.  Drawing upon his 30+ years’ experience in IT, information security and risk management, Wayne discusses:

  • What the CISMP is
  • What is covered in the CISMP curriculum
  • Who the CISMP is for and the benefits they could reap from sitting a CISMP course/exam.
Learn more about this topic
Talk DP
Season
1
, Episode
2

GDPR Back to Basics

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, takes us ‘back to basics’ with the General Data Protection Regulation (GDPR), breaking down the key data protection concepts and terminology you will need to understand if you want to achieve and maintain compliance with the GDPR.

Learn more about this topic
InfoSec Insider
Season
1
, Episode
1

Comparison of ISO 9001 and ISO 27001

Sue West offers helpful advice and guidance on how to integrate multiple management systems which are conformant to/certified against ISO standards, with a particular focus on integrating an ISO 9001 quality management system (QMS) and an ISO 27001 information security management system (ISMS).

Learn more about this topic

Talk BC

Talk BC is the InfoSec Insider podcast’s business continuity series, where our senior business continuity consultants offer key advice on ensuring your organisation is well-equipped to respond to disruption.  Our experts share the knowledge they have gained from years of experience working with organisations to develop and exercise effective business continuity plans, and to conform/certify to ISO 22301 (the International Standard for Business Continuity Management Systems).

Talk Cyber

Talk Cyber is the InfoSec Insider podcast’s cyber security series, in which our cyber security experts bring you the latest guidance on preparing for and safeguarding against cyber attacks.  Drawing upon their experience providing penetration testing, facilitating and supporting Cyber Essentials and Cyber Essentials Plus assessments, and helping to develop and exercise cyber incident response plans, our Cyber Team offers you cutting-edge advice on keeping your organisation protected.

Talk Cyber
Season
1
, Episode
18

Mitigating Cyber Risks

In this episode of InfoSec Insider – Talk Cyber, George Ryan, Consultant at URM, breaks down the current state of cyber security in the modern business landscape and the common cyber security failings and challenges he sees organisations face, as well as offering key advice and guidance on what organisations can do to protect against these threats.  George leverages his extensive experience assisting organisations to enhance their cyber security to discuss:

  • The current cyber security landscape and the common security pitfalls that are leading to an upward trend in cyber security incidents
  • How the cyber security landscape is likely to evolve in the future as a result of ongoing technological developments, such as in the field of artificial intelligence (AI)
  • How organisations can protect themselves against these threats and the benefits of certifying to the Cyber Essentials scheme to do so.
Learn more about this topic

Talk DP

Talk DP is the InfoSec Insider podcast’s data protection series, featuring detailed guidance and insightful discussion from URM’s senior data protection practitioners.  Our experts leverage their extensive experience working to help organisations meet their compliance obligations in order to offer pragmatic, valuable advice on how to meet GDPR requirements, leverage new technologies while remaining compliant with data protection legislation, and more.

Talk DP
Season
1
, Episode
16

Who Needs a ROPA and Why?

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, explains records of processing activities (ROPAs), a key document that almost every organisation must create and maintain in order to comply with the General Data Protection Regulation (GDPR).  Stuart leverages his 25+ years of specialisation in data protection law to discuss:

  • What a ROPA is, which organisations need to have one
  • The advantages of having a ROPA in place and how this can benefit your GDPR compliance efforts
  • Who within an organisation needs to create the ROPA
  • The challenges associated with producing a ROPA and how these can be overcome
  • Whether you should first produce a data flow map before embarking on the ROPA
  • The next steps after the ROPA has been built.
Learn more about this topic
Talk DP
Season
1
, Episode
14

Data Protection Considerations for Monitoring Employees

In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Data Protection Consultant at URM, explores the challenges of maintaining data protection compliance whilst conducting workplace monitoring, particularly in light of the workforce’s ever-increasing mobility, and how these challenges can be overcome.  Martin leverages his 20+ years of experience in information management and data protection compliance to discuss:

  • The definition of workplace monitoring and recent advances in monitoring technology
  • How to establish whether workplace monitoring complies with data protection legislation, such as the General Data Protection Regulation (GDPR)
  • The need to demonstrate fairness and transparency
  • Objections employees are entitled to make under the GDPR
  • Whether covert monitoring and automated decision making can be compliant
  • Balancing compliance and ethics when carrying out workplace monitoring.
Learn more about this topic
Talk DP
Season
1
, Episode
12

Data Protection Considerations for Artificial Intelligence (AI)

In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Data Protection Consultant at URM, explores some of the considerations and challenges of maintaining compliance with data protection legislation, such as the General Data Protection Regulation (GDPR), when developing and deploying artificial intelligence (AI) technology.  Martin leverages his 20+ years of experience in information management and data protection compliance to discuss:  

  • The definition of AI  
  • How the UK legislative framework around AI is evolving
  • The challenges associated with maintaining data protection compliance whilst developing and using AI, particularly in light of the GDPR’s 7 core principles
  • What you can do to overcome these challenges and achieve data protection compliance in AI systems.
Learn more about this topic
Talk DP
Season
1
, Episode
10

Top Tips for GDPR Compliance

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Data Protection Consultant at URM, provides some hints and tips on how to achieve and maintain compliance with the General Data Protection Regulation (GDPR), with a particular focus on the key documentation organisations need to have in place to comply.  Stuart leverages over 25 years of experience to discuss:

  • The importance of maintaining documented evidence of your GDPR compliance under the ‘accountability’ principle
  • Some of the key compliance documentation you need to produce, including records of processing activities (RoPAs) data protection impact assessments (DPIAs), privacy notices and personal data retention policies  
  • What information you will need to include in these documents  
  • When these documents are mandatory and whether any organisations are exempt from producing them.
Learn more about this topic
Talk DP
Season
1
, Episode
8

Facial Recognition Technology

In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Consultant at URM, explores the key challenges of and considerations for maintaining data protection compliance when using facial recognition technology (FRT).  Martin leverages his 20+ years of specialism in information management and data protection to discuss:  

  • The different types of FRT and what they are used for
  • Real-world examples of FRT deployments by organisations and of an organisation facing enforcement action for noncompliant FRT deployment  
  • The challenges associated with using facial recognition technology for organisations that need to comply with the General Data Protection Regulation (GDPR)
  • How you can ensure that your use of FRT is GDPR compliant.
Learn more about this topic
Talk DP
Season
1
, Episode
6

Fines Imposed by the ICO in 2023

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, provides a break down and analysis of the enforcement actions delivered since the beginning of 2023 by the Information Commissioner’s Office (ICO), the UK’s privacy regulator, to highlight emerging trends and lessons that can be learned from how the ICO enforces data protection legislation such as the UK General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR).  Stuart leverages his 25+ years of specialisation in data protection law to discuss:

  • The differences between the enforcement actions that are available to the ICO, i.e., Enforcement Notices, Reprimands, and Monetary Penalties
  • The ICO’s enforcement activities in 2023 – the amount of fines compared to reprimands, and the sums of money involved
  • The ICO’s enforcement activities in the first half of 2024 and how they compare to the same period in 2023
  • Trends that can be observed in the ICO’s enforcement activities and the ICO’s approach to issuing fines vs. reprimands  
  • How the ICO’s use of monetary penalties compares to its European counterparts.

Learn more about this topic
Talk DP
Season
1
, Episode
4

Everything You Need to Know About DSARs

In this episode of InfoSec Insider – Talk DP, Rachael Salter, Senior Data Protection Consultant at URM, discusses organisations’ obligations under the General Data Protection Regulation (GDPR) when fulfilling data subject access requests (DSARs) and the challenges associated with processing these requests.  Rachael leverages her 10+ years of experience working in data protection compliance to provide advice and guidance on:  

  • What a DSAR is and how to recognise one
  • When organisations are required to redact information from the personal data provided to the data subject
  • When organisations can refuse to process a DSAR and what ‘manifestly unfounded or excessive’ means in practice.
Learn more about this topic
Talk DP
Season
1
, Episode
2

GDPR Back to Basics

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, takes us ‘back to basics’ with the General Data Protection Regulation (GDPR), breaking down the key data protection concepts and terminology you will need to understand if you want to achieve and maintain compliance with the GDPR.

Learn more about this topic

Contact the InfoSec Experts Today

Having assisted over 400 organisations to implement an ISMS and then achieve ISO 27001 certification since the Standard was first published in 2005, we at URM are the ideal partners to help you certify.  With our fully-tailored approach, our specialists can support you through each stage of the ISO 27001 management system lifecycle, offering guidance specific to your organisation’s unique requirements.  

Get in touch with our information security experts today to find out more.

Contact Us

InfoSec Solutions & Products

One the key requirements of ISO 27001 is the need for a robust risk assessment process which can produce repeatable and comparable results.  With its proven, best practice methodology, URM’s information security risk management software, Abriska 27001, enables you to meet this requirement.   We can also assist you to raise and maintain awareness among your staff with our expertly designed and engaging learning management system (LMS), Alurna.

View Products

InfoSec Training Courses

Our information security and risk management training courses can help you learn how to effectively manage information security.  Our Certificate in Information Security Management Principles (CISMP) and Practitioner Certificate in Information Risk Management  (PCIRM) training courses will prepare you to take the BCS (Chartered Institute for IT) administered exams, enabling you to gain industry-recognised qualifications.

View Training Courses

Webinars & Events

URM has gained a reputation as the preeminent UK provider of live webinars, aimed at delivering valuable and practical insights to organisations  looking to improve their information security, risk management, data protection etc. The webinars  are delivered by our senior consultants who share hints and tips on topics such as certifying to ISO 27001 and Cyber Essentials, complying with the GDPR.  All of our webinars are completely free to attend, and include an opportunity to ask questions at the end.

WebinarBeyond ISO 27001 - DORA and NIS 2

URM and DNV provides an overview of ISO 27001, DORA and the NIS 2, key components to enhance cybersecurity and operational resilience across various sectors.

Read more
Listen to recording
USB stick, Padlock, Keys
WebinarPCI DSS v4 Deadline Looming

URM’s webinar will focus on providing you with hints and tips on how to address some of the more challenging requirements coming to life in March 2025

Read more
Listen to recording
USB stick, Padlock, Keys
Round TableHow to Achieve ISO 27001 Certification

On 20 November, BSI and URM are collaborating to deliver a free, half-day Round Table event on how to implement ISO 27001

Read more
Listen to recording
USB stick, Padlock, Keys

Information Security FAQs

What are 4 types of information security?

If we look to guidance from Annex A of ISO 27001, then the answer is organisational, people, physical and technological.  The International Standard groups information security into these 4 categories.  The ‘organisational’ category requires the creation of policies, roles and responsibilities and day-to-day business activities.  The ‘people’ category ensures that the most appropriate staff are employed, and that they understand what is expected of them in relation to the business’ approach to infosec.  ‘Physical’ controls relate to the security of business premises, clear desk policies etc, whilst, ‘technological’ controls relate to measures that may be adopted by organisations to assist in securing information through the use of technology such as capacity management, configuration management, change management, network security, firewalls, cryptography etc.

What are the 3 principles of information security?

The three aspects that information security (infosec) seeks to protect are ‘confidentiality’, ‘integrity’ and ‘availability’. Confidentiality ensures that information is not made available or disclosed to unauthorised entities.  Integrity protects the accuracy and completeness of assets, whilst Availability ensures that information is accessible and usable on demand by authorised individuals.tc.

What are information security examples?

Examples of information security include encryption, firewalls, antivirus software, multi-factor authentication (MFA), vetting of individuals, controlling access to premises / information and providing staff awareness training.

What are 5 information security policies?

Policies provide direction on your organisation’s approach to different aspects of information security management. Policies may relate to the classification of data, password management, acceptable use of assets, authentication procedures and incident response - these are five examples, but your organisation  may choose to formulate a policy relating to any aspect of information security (infosec) management.

Read more
Information Security FAQ

Speak to Information Security Experts

Having assisted over 400 organisations to achieve ISO 27001 certification URM are the ideal specialist partners to help you certify.

Speak to one of our experts today for more information on how we can help. Simply call 0118 206 5410 or request a call back using the form below.

Developing an ISO 27001 Information Security Policy

Published on
5/11/2024

URM’s blog discusses how to develop and implement an information security policy that fully conforms to both your organisation’s and ISO 27001 requirements.

Read more
Thumbnail of the Blog Illustration
Internal Audit
Published on
18/10/2024
Internal Auditing of Management Systems

URM’s blog explains how to plan and execute effective and conformant internal audits of management systems at each stage of the internal audit process.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
11/10/2024
SOC 2 Explained

URM’s blog answers key questions about SOC 2, including what it is & who it applies to, why it is beneficial, how SOC 2 reports are structured & more.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
4/10/2024
Implementing and Auditing ‘People Controls’ from ISO 27001:2022

URM’s blog explains why ‘people’ warrants its own control theme in ISO 27001 and how to prepare for a people controls audit, offering advice for each control.

Read more
"
After a bad experience with a previous provider, we looked to URM for QSA support. The URM QSA we have worked with is phenomenal, and considerably better than our previous QSAs. My team enjoy working with him, and find him to be extremely credible and effective. Whenever we have asked our QSA and account manager whether additional work is required outside of the annual cycle, there has never been a hard sell of any of URM’s services, and instead offer advice based on our compliance requirements and business needs. Our URM QSA always consults with the aim of making compliance as straightforward as possible, and pointed us towards a way of significantly minimising and streamlining our assessment scope that neither we nor our previous PCI DSS consultancy provider had considered.
CISO at University of Surrey