Stuart Skelly
|
Senior Consultant at URM
|
Published on
22
November
2024

URM’s blog explores the different requirements introduced by these new laws, and the likelihood of a subsequent UK/EU adequacy decision for each nation.

Read more
Cyber Security
Published on
14/11/2024
Cyber Essentials – What’s Changing in 2025?

URM’s blog discusses upcoming changes to Cyber Essentials, including the changes seen in the Willow Question Set and how they may impact your organisation.

Information Security
Published on
5/11/2024
Developing an ISO 27001 Information Security Policy

URM’s blog discusses how to develop and implement an information security policy that fully conforms to both your organisation’s and ISO 27001 requirements.

Data Protection
Published on
31/10/2024
DUA Bill: An Initial Assessment

URM’s blog compares the Government’s new Data (Use and Access) Bill with the previous Government’s DPDI Bill, & how it may alter the UK GDPR when it is passed.

Cyber Security
Published on
24/10/2024
Enhancing Security in the Software Supply Chain

URM’s blog discusses the security risks associated with the software supply chain & how both software developers and their clients can mitigate these risks.

Internal Audit
Published on
18/10/2024
Internal Auditing of Management Systems

URM’s blog explains how to plan and execute effective and conformant internal audits of management systems at each stage of the internal audit process.

Information Security
Published on
11/10/2024
SOC 2 Explained

URM’s blog answers key questions about SOC 2, including what it is & who it applies to, why it is beneficial, how SOC 2 reports are structured & more.

Information Security
Published on
4/10/2024
Implementing and Auditing ‘People Controls’ from ISO 27001:2022

URM’s blog explains why ‘people’ warrants its own control theme in ISO 27001 and how to prepare for a people controls audit, offering advice for each control.

Data Protection
Published on
27/9/2024
Data Protection Considerations for Monitoring Employees

URM’s blog offers key advice and detailed guidance on how to balance your organisation’s needs with GDPR compliance as you perform workplace monitoring.

Information Security
Published on
20/9/2024
ISO 27002, the Unsung Hero

URM’s blog explains what ISO 27002 is, how it can benefit your organisation, & how you can use it to support your implementation of an ISO 27001-conformant ISMS

Data Protection
Published on
13/9/2024
How to Conduct a Legitimate Interest Assessment (LIA)

URM’s blog discusses the importance of LIAs for maintaining compliance with the GDPR, as well as providing a step-by-step breakdown of how to conduct one.

Information Security
Published on
5/9/2024
Common Questions When Managing Supplier Information Security Risks

URM’s blog answers key questions on supplier risk management, with a particular focus on the aspects to consider once a supplier has been selected.

Data Protection
Published on
30/8/2024
The ICO Issues its First Notice of Intention to Fine a Data Processor

URM’s blog explores the first provisional monetary penalty imposed by the ICO exclusively on a data processor & the lessons that can be learned from the case.

Cyber Security
Published on
22/8/2024
Pitfalls to Avoid in your Penetration Testing Programme

URM’s blog explores common pen testing mistakes & how to avoid them, and simple improvements you can immediately implement to enhance your security posture.

Other Standards
Published on
16/8/2024
The EU Artificial Intelligence Act

URM’s blog breaks down the EU AI Act and discusses its scope, requirements, how it will be enforced, how it may impact the UK & the rest of the world, and more.

Information Security
Published on
8/8/2024
How to Conduct Effective Supplier Information Security Risk Management

URM’s blog provides a stage-by-stage breakdown of the key steps you will need to take to conduct effective supplier information security risk management.

Cyber Security
Published on
1/8/2024
10 Most Common Vulnerabilities Found in Pen Tests

URM’s blog outlines the top 10 most common vulnerabilities we identify when conducting pen tests, the associated risks, and how they can be fixed/avoided.

Information Security
Published on
25/7/2024
5 Golden Rules for Implementing ISO 9001

URM’s blog offers advice and guidance on how to implement and maintain an ISO 9001-aligned QMS and receive the maximum benefit from your investment.

Data Protection
Published on
18/7/2024
ICO Enforcement Action January – June 2024

URM’s blog reviews ICO enforcement activities for the 1st half of 2024, highlighting trends & shifts in how it enforces against data protection breaches.

Cyber Security
Published on
12/7/2024
Access Control, Administrative Accounts and Password-Based Authentication in the Cyber Essentials SAQ

URM’s blog offers advice on answering questions in the Cyber Essentials SAQ which relate to access control, admin accounts and authentication methods.

Information Security
Published on
10/7/2024
A Guide to the Certificate in Information Security Management Principles (CISMP)

URM’s blog discusses everything you need to know about the CISMP, including its benefits, who it’s suited to, the topics the CISMP covers, and more.

Data Protection
Published on
5/7/2024
Oral references now count as processing for GDPR purposes (in the EU at least)

URM’s blog explores a recent ECJ ruling which dictates that oral job references are covered by the GDPR

Cyber Security
Published on
27/6/2024
Getting the Most from Your Pen Tests - During and Afterwards

URM’s blog outlines the key steps you can take during and after a penetration test to improve your organisation’s security posture.

Other Standards
Published on
5/6/2024
ISO 42001 Artificial Intelligence Impact Assessments (AIIAs)

URM’s blog explores artificial intelligence impact assessments (AIIAs) and offers advice on how to conduct these assessments in full conformance with ISO 42001.

Data Protection
Published on
5/6/2024
Data Protection Considerations for Data Analytics

URM’s blog explores the data protection considerations for data analytics tools, and how to reap their many benefits while still maintaining GDPR compliance.

Information Security
Published on
4/6/2024
PCI DSS v4.0: Targeted Risk Analysis

URM’s blog dissects the new PCI DSS requirements around targeted risk analysis, what they involve, and how the 2 types of TRA in the Standard differ.

Information Security
Published on
3/6/2024
PCI DSS v4.0: Forced Password Changes and Zero Trust Architecture

URM’s blog drills down into the PCI DSS v4.0 requirements around forced password changes, with a particular focus on the addition of zero-trust architecture.

Cyber Security
Published on
31/5/2024
How to Get the Most From Your Penetration Tests

URM’s blog discusses how to prevent and mitigate the damage done by ransomware attacks, and how penetration testing can help your organisation avoid them.

Data Protection
Published on
29/5/2024
First official European response to the Data Protection and Digital Information Bill

URM’s blog explores the first formal European response to the DPDI Bill, and how the Bill may jeopardise the UK’s adequacy status when it reforms the UK GDPR.

Other Standards
Published on
17/5/2024
ISO 42001 and AI Perspectives

URM’s blog explores ISO 42001, its intentions and structure, and the AI perspectives that will need to be considered by organisations implementing the Standard.

Information Security
Published on
9/5/2024
Common Pitfalls Identified in Organisations Seeking ISO 27001 Certification

URM’s blog discusses the common pitfalls of the ISO 27001 implementation and certification process, and how you can avoid making the same mistakes.

URM regularly holds FREE webinars on GDPR
Find out more
"
URM have been consistently helpful, friendly and efficient in assisting us through the Cyber Essentials and Cyber Essentials Plus accreditation process.
Experts in optimisation, forecasting, artificial intelligence and algorithm auditing
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.