Recent Videos
Cyber Essentials Changes in 2026 – Adjusting CE VSA Responses
We explain IASME’s clarification on adjusting CE VSA responses once CE+ testing has started.
Watch the video
Cyber Essentials Changes in 2026 – Point in Time Assessment
We explain IASME’s clarification of the term ‘point-in-time’ regarding the date that certification is based on.
Watch the video
Cyber Essentials Changes in 2026 – Second Sampling
We discuss perhaps the most brodly impactful change to Cyber Essentials Plus of this year: the new second sampling requirement for update management non-compliances.
Watch the video
Cyber Essentials Changes in 2026 – Cyber Essentials Plus Changes Overview
We provide an overview of the changes to Cyber Essentials Plus, the scheme’s audited qualification.
Watch the video
Cyber Essentials Changes in 2026 – Major Non-compliances
We explain the new Cyber Essentials Plus rule banning major non-compliances in the VSA, how it differs from before, and the likely practical impact.
Watch the video
Cyber Essentials Changes in 2026 – Backups
We explore the importance of backups in strengthening their cyber resilience.
Watch the video
Cyber Essentials Changes in 2026 – User Access Control
We discuss the shift in focus regarding user access control and passwordless authentication options.
Watch the video
Cyber Essentials Changes in 2026 – Web Applications
We discuss the updates to the guidance for web applications, now titled ‘Application Development’.
Watch the video
Cyber Essentials Changes in 2026 – Scoping Criteria
We explain the various changes to scoping criteria and how the requirements around scoping have tightened.
Watch the video
Cyber Essentials Changes in 2026 – Automatic Failure Questions
We discuss the questions that have been reclassified as ‘automatic failure questions’ in the new Danzell Question Set.
Watch the video
Cyber Essentials Changes in 2026 – MFA
We break down the updates to Cyber Essentials requirements for multi-factor authentication (MFA).
Watch the video
Cyber Essentials Changes in 2026 – Cloud Services
We explain the new formal definition of a ‘cloud service’ that IASME has provided this year.
Watch the video
Cyber Essentials Changes in 2026 – an Overview
We provide a high-level overview of the changes to the scheme, from the new Danzell Question Set to the updated Requirements for IT Infrastructure document.
Watch the video
Critical Steps in Implementing ISO 27001
We share the key benefits of implementing ISO 27001 reported by organisations that have achieved certification to the Standard.
Watch the video
How ISO 27001 Can Benefit Your Organisation
We share the key benefits of implementing ISO 27001 reported by organisations that have achieved certification to the Standard.
Watch the video
How is ISO 27001 Structured
We break down the structure of ISO 27001, including its ‘Harmonized Structure’ used by other ISO management system standards.
Watch the video
What is ISO 27001?
We give a high-level overview of what ISO 27001 is, the background and intention of the Standard, and explain the concept of ISMS
Watch the video
How to Maintain Cyber Essentials and Cyber Essentials Plus Certification
We share the best practices that will allow you to maintain Cyber Essentials and Cyber Essentials Plus certification
Watch the video
Preparing for Cyber Essentials and Cyber Essentials Plus Certification
We outline effective ways of preparation for Cyber Essentials or Cyber Essentials Plus
Watch the video
Cyber Essentials and Cyber Essentials Plus - 5 Technical Control Areas
This overview gives you a clear picture of today’s cyber risk landscape and what you can do to stay ahead.
Watch the video
What Are the Differences Between CE and CE Plus?
This overview gives you a clear picture of today’s cyber risk landscape and what you can do to stay ahead.
Watch the video
What Are Cyber Essentials and Cyber Essentials Plus?
This overview gives you a clear picture of today’s cyber risk landscape and what you can do to stay ahead.
Watch the video
The Current Cyber Threat Landscape
TRENDING
This overview gives you a clear picture of today’s cyber risk landscape and what you can do to stay ahead.
Watch the videoRecent BLOGS
Cyber Security
Published on
21/5/2026
Understanding Defence Cyber Certification (DCC)TRENDING
URM’s blog explains how the DCC works, who needs it, the benefits of certification, with clear guidance on how to approach compliance and avoid common mistakes.
Cyber Security
Published on
21/5/2026
Cyber Security and the Board: The UK Cyber Resilience Pledge in FocusTRENDING
URM’s blog explains the purpose, structure and content of the Government’s new Cyber Resilience Pledge, and what it means for organisations across the UK.
Artificial Intelligence
Published on
8/5/2026
Artificial Intelligence Frameworks and Regulations: ISO 42001, the NIST AI RMF and the EU AI ActTRENDING
URM’s blog explores 3 leading AI governance frameworks and regulations, how they complement and differ & what they mean for organisations working with AI.
Information Security
Published on
6/5/2026
Certifying to ISO 27001: Key Tips for Success and Common Pitfalls to AvoidTRENDING
URM’s blog outlines practical tips for a successful ISO 27001 implementation, and the common mistakes to avoid throughout the certification process.
Information Security
Published on
23/4/2026
ISO 27001 Clause 7.5: Documented Information ExplainedTRENDING
URM’s blog breaks down ISO 27001 Clause 7.5 requirements, with practical guidance on how to achieve conformance to this Clause & what external assessors expect.
Information Security
Published on
9/4/2026
Common Issues Identified During Audits of ISO 27001:2022TRENDING
URM’s blog explores common issues and areas for improvement identified during audits of organisations that have transitioned to ISO 27001:2022
Information Security
Published on
1/4/2026
ISO 27001 Clause 9.1: Monitoring, Measurement, Analysis and Evaluation ExplainedTRENDING
URM’s blog explores ISO 27001 Clause 9.1, what it requires and practical guidance on how to implement this Clause in full conformance with the Standard.
Cyber Security
Published on
26/3/2026
Cyber Essentials Update 2026 TRENDING
URM’s blog breaks down key changes to the Cyber Essentials scheme coming into force on 27 April 2026, including the new Danzell Question Set.
Information Security
Published on
23/3/2026
Continuous Compliance With the PCI DSSTRENDING
URM’s blog outlines how continuous compliance fits into PCI DSS, and explores practical ways to integrate requirements into business-as-usual (BAU) operations.
Information Security
Published on
20/3/2026
ISO 27001 – Clause 6.3: The Importance of Planned ISMS Change ManagementTRENDING
URM’s blog explains the purpose & requirements of ISO 27001 Clause 6.3, types of ISMS change it covers, and key considerations when putting it into practice.
Cyber Security
Published on
10/3/2026
Cyber Security and the Board: A Sign of What’s to ComeTRENDING
URM’s blog explains recent amendments to the Cyber Security and Resilience Bill, how they align with broader regulatory shifts, & practical steps to prepare.
Data Protection
Published on
5/3/2026
Data Protection Interpretation Affirmed by the Court of Appeal in DSG Retail CaseTRENDING
URM’s blog unpacks the DSG vs. ICO case, how it reached the Court of Appeal, & the Court’s decision on the status of pseudonymised data in the hands of attacker
URM is renowned for helping organisations to achieve the optimum balance when implementing an ISMS.
Find out more
how URM CAN HELP?
URM CONSULTING services
Looking to achieve ISO 9001 certification?
With 20 years’ experience and 400+ successful projects, URM’s expert consultants will guide you every step of the way—no failures, just results. Partner with us and get certified with confidence.
Read more
URM CONSULTING services
Strengthen your business continuity
From BIAs to bespoke BC plans and ISO 22301 certification, our expert consultants can help you build resilience. Let URM support you with proven tools, tailored advice, and practical solutions to protect what matters most.
Read more
URM CONSULTING services
Does your mobile application need to be pen tested?
URM can conduct penetration tests on mobile apps that are deployed to either Apple IOS or Android devices, typically against the OWASP MASVS, but also under the CREST OVS framework where required.
Read more
"
Everything went as planned, our consultant was very professional, displayed flexibility when needed, and his approach was greatly appreciated!
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.