Blogs

URM’s blog discusses the testing, assessments, exercises and reviews you can conduct following a cyber security incident to strengthen your security posture.

URM’s blog answers key technical questions about Cyber Essentials and Cyber Essentials Plus, what’s in scope, CE compliant use of BYOD, and more.

On 22 February 2024 ISO and IAF released a joint statement relating to an amendment to a total of 31 existing Annex SL management system standards.

Blog, produced in collaboration with BSI, discusses the timeline for transition to ISO 27001:2022 and what you can expect from your transition assessment.

URM’s blog explains the core principles which underpin the GDPR and outlines some key policies that can help organisations achieve and maintain compliance.

URM’s blog provides 3 useful top tips to help your organisation prepare for successful Cyber Essentials or Cyber Essentials Plus certification assessment.

URM’s blog compares the management system clauses of ISO 27001 and ISO 9001 to identify integration opportunities.

URM’s blog discusses changes to the SCCs British organisations can use to legitimise restricted transfers of data under the UK GDPR

URM’s blog discusses the changes to the requirements around threat intelligence in ISO 27001:2022 and what certified organisations will need to do differently.

URM provide 10 actionable top tips that will allow you to take significant steps forward in your compliance journey.

URM’s blog explains how the principles of confidentiality, integrity and availability (CIA) can help align your information security controls with best practice

URM’s blog outlines the DP concerns around the use of facial recognition technology (FRT), and offers guidance on making sure your FRT use is GDPR compliant.

URM’s blog outlines the 6 of the key steps you can take to successfully implement an ISO 27001 conformant information security management system.

URM’s blog breaks down the fines issued by the ICO in 2023 for data protection breaches, highlighting emerging trends in their approach to enforcing compliance.

URM’s blog provides detailed guidance on aligning an existing control framework with ISO 27001, allowing you to certify and capitalise on previous work.

URM discusses an interview with the Information Commissioner, John Edwards, and the background of the penalty fine imposed on the Ministry of Defence (MOD).

URM answers key questions around data transfer impact assessments (DTIAs), providing detailed guidance on the best practice approach to conducting them.

URM explains benefits of implementation and applications of ISO 13485:2016 - standard for Quality Management for Medical Devices.

URM answers key questions around data protection impact assessments (DPIAs), providing detailed guidance on the best practice approach to conducting them.

Are you getting the best value out of your penetration testing? URM’s blog discusses alternative approaches to penetration testing.

URM details Clearview AI’s successful appeal against the ICO imposing a £7.5 million fine for breach of the UK GDPR and their grounds for reversing the ruling.

URM’s provides detailed guidance on how to conduct a business impact analysis (BIA) and ensure your business continuity plans are based on a solid foundation.

Meeting the new payment page requirements in PCI DSS v4.0 may seem tricky. URM provides detailed guidance on implementation and effective payment page security.

Everything you need to know about PCI DSS v4.0: With a particular focus on some of the more challenging requirements such as MFA and payment page scripts.

Transitioning to PCI DSS v4.0 sooner rather than later has its advantages and disadvantages, in this article URM explores both sides of the argument.

If your organisation is looking to transition to ISO 27001:2022, URM’s blog provides practical and invaluable guidance on meeting the new requirements.

Some organisations are using artificial intelligence (AI) to help respond to DSARs. But can AI provide a full and robust solution?

The consequences of unauthorised access are varied. Apart from financial losses, there is a loss of customer confidence. Can penetration testing prevent this?

We are answering questions: what is a GDPR DSAR, what information can a data subject request, what should you do when you receive a DSAR, and many more.

3rd part of question and answer session where URM compared and contrasted 2 of the world’s leading information security standards, ISO 27001 and SOC 2.