Blog

URM’s blog explains the purpose & requirements of ISO 27001 Clause 6.3, types of ISMS change it covers, and key considerations when putting it into practice.

URM’s blog explains recent amendments to the Cyber Security and Resilience Bill, how they align with broader regulatory shifts, & practical steps to prepare.

URM’s blog unpacks the DSG vs. ICO case, how it reached the Court of Appeal, & the Court’s decision on the status of pseudonymised data in the hands of attacker

URM’s blog explains the building blocks of information security risk, outlining how risks can be valued and prioritised, the role of rise appetite, and more.

URM’s blog explores how DSARs can be used to drive improvements, and share our insights on managing other data subject rights efficiently and effectively.

URM’s blog explains the recent open letter to suppliers issued by the NHS, what it means, why it matters, and the practical steps you can take to prepare.

URM’s blog unpacks the Identify Function of the NIST CSF, providing a detailed breakdown of its requirements and what you need to do to meet them.

URM’s blog analyses the ICO’s enforcement action in 2025, highlighting surprising trends in its approach to enforcing compliance with data protection law.

URM provide ten actionable top tips that will allow you to take significant steps forward in your compliance journey.

URM’s blog explores the importance of cyber resilience & the steps organisations can take to prepare for and mitigate the impact of a cyber incident.

URM’s blog explores common weaknesses in organisations’ security programmes, & outlines practical, cost-effective measures to reduce the likelihood of a breach

Read URM’s blog, where we explore the importance of clock synchronisation for cyber security and resilience, and how to meet the requirements of Control 8.17.

URM’s blog explores the ICO’s guidance on business emails in DSARs & examine the implications of a recent ruling on the subject by the French Court of Cassation

URM’s blog explores key updates to medical device standards, regulations & guidance documents, helping manufacturers understand what’s coming & how to prepare.

URM’s blog shares a Managing Director’s account of navigating & recovering from a major cyber attack, with a focus on the human impact of the breach.

URM’s blog examines the impact of the latest ruling from the Upper Tribunal in the Clearview AI case, and the cross-border GDPR enforcement gap it exposes.

URM’s blog breaks down the latest changes to the Cyber Essentials requirements and outlines why these updates matter for organisations seeking certification.

URM’s blog breaks down the new EU Cyber Resilience Act, what products/entities are in scope, the security requirements it imposes on organisations, and more.

URM’s blog breaks down the NIST CSF’s new Govern Function, its importance, and the policies, processes and activities you will need to have in place to comply.

URM’s blog offers key advice on what to expect from your SOC 2 audit in practice, the types of evidence you will need to provide, how best to prepare, and more.

URM’s blog explores the different forms of phishing attacks, the strategies used to exploit human vulnerabilities, & how to protect against these attacks.

URM’s blog explains the Government’s new proposed measures around ransomware attacks and payments, which organisations they would affect, & why they are needed.

URM’s blog reviews the ICO’s data protection enforcement actions in Jan-Jun 2025, outlining changes and emerging trends in its approach to enforcing compliance.

URM’s blog provides top tips for communicating in a crisis & developing an effective communications plan to help maintain business continuity during disruption.

URM’s blog explores Clause 5.1 of ISO 27001, what you must do to meet its requirements, and why leadership & commitment are vital to an effective ISMS.

URM’s blog breaks down the data protection aspects of body worn video cameras, and how to ensure your use of BWV is compliant with the GDPR.

URM’s blog explains what DCC is, how compliance with the scheme and the process to certification work, and the benefits to obtaining certification.

URM’s blog breaks down the ISO 27001 certification process, the roles of certification bodies and UKAS, what auditors look for during assessments, and more.

URM’s blog examines how ransomware occur, and highlights practical cyber security measures you can implement to reduce your exposure and mitigate security risk.

URM’s blog highlights the steps PRPs can take to prepare for the introduction of the STAIRs & ensure they are compliant when these requirements come into force.