Blogs

URM’s blog highlights the growing threat to cyber security in the UK and the importance of the Cyber Essentials scheme in mitigating these risks.

URM’s blog discusses the GDPR and PECR requirements on cookies, common noncompliant practices & how you can ensure your approach to cookies is compliant.

URM’s blog explores the different requirements introduced by these new laws, and the likelihood of a subsequent UK/EU adequacy decision for each nation.

URM’s blog discusses the need for policy in relation to the use of AI, real-world cases where AI has caused organisations issues & how to create an AI policy.

URM’s blog discusses upcoming changes to Cyber Essentials, including the changes seen in the Willow Question Set and how they may impact your organisation.

URM’s blog discusses how to develop and implement an information security policy that fully conforms to both your organisation’s and ISO 27001 requirements.

URM’s blog compares the Government’s new Data (Use and Access) Bill with the previous Government’s DPDI Bill, & how it may alter the UK GDPR when it is passed.

URM’s blog discusses the security risks associated with the software supply chain & how both software developers and their clients can mitigate these risks.

URM’s blog explains how to plan and execute effective and conformant internal audits of management systems at each stage of the internal audit process.

URM’s blog answers key questions about SOC 2, including what it is & who it applies to, why it is beneficial, how SOC 2 reports are structured & more.

URM’s blog explains why ‘people’ warrants its own control theme in ISO 27001 and how to prepare for a people controls audit, offering advice for each control.

URM’s blog offers key advice and detailed guidance on how to balance your organisation’s needs with GDPR compliance as you perform workplace monitoring.

URM’s blog explains what ISO 27002 is, how it can benefit your organisation, & how you can use it to support your implementation of an ISO 27001-conformant ISMS

URM’s blog discusses the importance of LIAs for maintaining compliance with the GDPR, as well as providing a step-by-step breakdown of how to conduct one.

URM’s blog answers key questions on supplier risk management, with a particular focus on the aspects to consider once a supplier has been selected.

URM’s blog explores the first provisional monetary penalty imposed by the ICO exclusively on a data processor & the lessons that can be learned from the case.

URM’s blog explores common pen testing mistakes & how to avoid them, and simple improvements you can immediately implement to enhance your security posture.

URM’s blog breaks down the EU AI Act and discusses its scope, requirements, how it will be enforced, how it may impact the UK & the rest of the world, and more.

URM’s blog provides a stage-by-stage breakdown of the key steps you will need to take to conduct effective supplier information security risk management.

URM’s blog outlines the top 10 most common vulnerabilities we identify when conducting pen tests, the associated risks, and how they can be fixed/avoided.

URM’s blog offers advice and guidance on how to implement and maintain an ISO 9001-aligned QMS and receive the maximum benefit from your investment.

URM’s blog reviews ICO enforcement activities for the 1st half of 2024, highlighting trends & shifts in how it enforces against data protection breaches.

URM’s blog offers advice on answering questions in the Cyber Essentials SAQ which relate to access control, admin accounts and authentication methods.

URM’s blog discusses everything you need to know about the CISMP, including its benefits, who it’s suited to, the topics the CISMP covers, and more.

URM’s blog explores a recent ECJ ruling which dictates that oral job references are covered by the GDPR

URM’s blog outlines the key steps you can take during and after a penetration test to improve your organisation’s security posture.

URM’s blog explores artificial intelligence impact assessments (AIIAs) and offers advice on how to conduct these assessments in full conformance with ISO 42001.

URM’s blog explores the data protection considerations for data analytics tools, and how to reap their many benefits while still maintaining GDPR compliance.

URM’s blog dissects the new PCI DSS requirements around targeted risk analysis, what they involve, and how the 2 types of TRA in the Standard differ.

URM’s blog drills down into the PCI DSS v4.0 requirements around forced password changes, with a particular focus on the addition of zero-trust architecture.