Blogs

URM’s blog explains the recent update to PCI DSS SAQ-A that has resulted in the removal of 2 new v4 requirements & the additon of new eligibility criteria.

URM’s blog breaks down the GDPR requirements around special category personal data and how organisations can avoid processing this data inadvertently.

URM’s blog explores Apple’s removal of its ADP tool following a dispute with the UK government & the ongoing struggle between privacy and law enforcement.

URM’s blog explores how AI can impact PCI DSS compliance, both in terms of the benefits it can provide and the challenges it may present.

URM’s blog offers key guidance on how to effectively implement technological controls in your organisation, the common challenges & how these can be overcome.

URM’s blog explains the differences between 4 types of technical security assessments and breaks down the benefits and drawbacks of each.

URM’s blog breaks down the fines issued by the ICO in 2024 for data protection breaches, highlighting emerging trends in their approach to enforcing compliance.

URM’s blog offers key advice and guidance on how to ensure your data processing practices facilitate not only regulatory compliance, but also customer trust.

URM’s blog discusses the significant cyber security risks faced by small & medium-sized enterprises (SMEs), and how Cyber Essentials certification can help.

URM’s blog discusses the EU’s Digital Operation’s Resilience Act (DORA), explaining who it will apply to, its requirements, how it will be enforced, and more.

URM’s blog explains how to conduct information security risk assessments and implement risk treatments that are both efficient and ISO 27001 conformant.

URM’s blog provides a comprehensive breakdown of STAIRs, an upcoming information access standard for private sector social housing providers.

URM’s blog explains what ISO 13485, which organisations it applies to, its relationship with regulatory frameworks such as the UK and EU MDR, and much more.

URM’s blog highlights the growing threat to cyber security in the UK and the importance of the Cyber Essentials scheme in mitigating these risks.

URM’s blog discusses the GDPR and PECR requirements on cookies, common noncompliant practices & how you can ensure your approach to cookies is compliant.

URM’s blog explores the different requirements introduced by these new laws, and the likelihood of a subsequent UK/EU adequacy decision for each nation.

URM’s blog discusses the need for policy in relation to the use of AI, real-world cases where AI has caused organisations issues & how to create an AI policy.

URM’s blog discusses upcoming changes to Cyber Essentials, including the changes seen in the Willow Question Set and how they may impact your organisation.

URM’s blog discusses how to develop and implement an information security policy that fully conforms to both your organisation’s and ISO 27001 requirements.

URM’s blog compares the Government’s new Data (Use and Access) Bill with the previous Government’s DPDI Bill, & how it may alter the UK GDPR when it is passed.

URM’s blog discusses the security risks associated with the software supply chain & how both software developers and their clients can mitigate these risks.

URM’s blog explains how to plan and execute effective and conformant internal audits of management systems at each stage of the internal audit process.

URM’s blog answers key questions about SOC 2, including what it is & who it applies to, why it is beneficial, how SOC 2 reports are structured & more.

URM’s blog explains why ‘people’ warrants its own control theme in ISO 27001 and how to prepare for a people controls audit, offering advice for each control.

URM’s blog offers key advice and detailed guidance on how to balance your organisation’s needs with GDPR compliance as you perform workplace monitoring.

URM’s blog explains what ISO 27002 is, how it can benefit your organisation, & how you can use it to support your implementation of an ISO 27001-conformant ISMS

URM’s blog discusses the importance of LIAs for maintaining compliance with the GDPR, as well as providing a step-by-step breakdown of how to conduct one.

URM’s blog answers key questions on supplier risk management, with a particular focus on the aspects to consider once a supplier has been selected.

URM’s blog explores the first provisional monetary penalty imposed by the ICO exclusively on a data processor & the lessons that can be learned from the case.

URM’s blog explores common pen testing mistakes & how to avoid them, and simple improvements you can immediately implement to enhance your security posture.