24 January 2023

Cyber Essentials Scheme Being Updated on 24 April 2023

On 23 January 2023, the National Cyber Security Centre (NCSC) published an updated set of requirements, version 3.1, for the Cyber Essentials Scheme which come into force on 24 April 2023.   Whilst the changes are described as being more light touch in comparison to the 2022 update, extra guidance and clarification is provided on compulsory and non-compulsory controls.  A significant number of clarification and guidance updates have been made to improve the user friendliness and accessibility of the Scheme.  Of greater significance to many organisations, 24 April 2023 represents the deferred date when they will need to meet the 2022 update requirements by protecting all Cloud-based user accounts with multi-factor authentication (MFA), removing or segregating all unsupported software and supporting all in-scope thin clients with security updates.

10 January 2023

URM Awarded Accreditation to the CREST OWASP Verification Standard

In November 2022, URM became one of the first companies in the UK to be awarded accreditation to the CREST OWASP Verification Standard (OVS) to deliver both Level 1 and Level 2 Application Security Verification Standard (ASVS) and Mobile Application Security Verification Standard (MASVS) assessments for Web and mobile applications.

25 October 2022

ISO/IEC 27001:2022 Published on 25 October

On 25 October 2022, the International Organization for Standardization published the latest version of ISO 27001 and updated its title to ‘Information security, cybersecurity and privacy protection — Information security management systems — Requirements’. In line with its title, this latest version of ISO 27001 reflects a broader context in which preventing, detecting and responding to cyberattacks is now considered, as well as protecting information and data.

The 2022 version of the Standard provides the updated requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of your organisation.

Webinar: Penetration Tests: Trends and Emerging Threats
11:00 am, Wednesday 10 May 2023

The benefits of conducting regular penetration (pen) testing are irrefutable. URM will be sharing its experiences of the different types of tests and trends it is seeing in terms of vulnerabilities across the different types.


Penetration Tests – How to Maximise Your Investment

Published: November 2022

Practical advice on what your organisation can do in the various phases of a penetration test in order to improve its effectiveness.


SOC 2 Type 2 Case Study

Published: December 2022

Searchlight Security is a market leader in darknet intelligence and forensics with a client base made up predominantly of law enforcement agencies and managed security service providers. Having already achieved certification to ISO 27001 in 2021, Searchlight decided that it should complete an SSAE 18 SOC 2 audit and demonstrate conformance to this Standard. This case study focuses on how the organisation, with the support of URM Consulting Services Ltd (URM), managed to achieve a successful SOC 2 Type 2 audit within just 9 months in 2022. The case study focuses on 2 main areas:

The Key Stages (including Scoping, Gap Analysis, Type 1 versus Type 2, Preparation, Collecting Evidence and Audit Process)
Key Success Criteria (including Internal Champion, Decisiveness, Existing Framework, Subject Matter Expertise, Senior Management Commitment)


What is the GDPR?

Latest update: 31 Mar 2023

The GDPR (EU) 2016/679 is an EU regulation which came into effect on 25 May 2018 and set a new benchmark for the processing of personal data.

Information Security
Updated: 14/3/2023
Preparing For a PCI DSS v4.0 Assessment

URM is sharing its experiences on how the changes to the PCI DSS v4 affect the assessment process and how organisations can best prepare for the differences.

Information Security
Updated: 14/3/2023
Preparing for a Report on Compliance (ROC)

There’s no getting away from the fact that preparing for a PCI DSS ROC can be a bit of a trial....

Information Security
Updated: 2/3/2023
ISO/IEC 27001:2022 Key Changes

Following the publication of ISO/IEC 27001:2022 on 25 October 2022, this blog will provide you with our high-level analysis of the key changes.

“We engaged URM to help us complete our annual Cyber Essentials Plus certification. They have a great infrastructure and skillset to support the Cyber Essentials program and made the whole process painless for us. It’s a great way for businesses to give themselves a good security health check and in doing so spot any weak points in their IT infrastructure. URM are then perfectly placed to advise on how to fill those gaps for a robust IT / IS policy structure. In summary it’s a great way to show your customers your commitment to cyber security and ultimately keeping their data safe.”
Sales engagement platform