Managing Supplier Risk Surveys and reviews of information security incidents typically highlight third parties as being one of the major sources of issues and breaches (e.g. PWC Information Security Survey) and URM believes that many of these could be avoided by organisations improving their due diligence process. URM has repeatedly found that the due diligence […]
How can URM help you to achieve PCI compliance and what is our approach? In our previous blog, we looked at where your PCI compliance journey starts. The first step is understanding the flow of your payment card data – by that we mean where payment card information comes into your organisation, where it goes, […]
Are you adequately covering GDPR within your ISMS? We have recently seen an increased focus on the General Data Protection Regulation (GDPR) by certification body (CB) assessors when conducting ISO 27001 audits. In the past, assessments have typically focused on whether organisations were registered with the Information Commissioner’s Office (ICO), whether they were complying […]
PCI DSS – The Payment Card Data Security Standard – What is it? So, let’s take a step back and define what is the Payment Card Industry Data Security is. Often referred to as PCI DSS or quite simply PCI, the Standard was developed by the founding payment brands of the PCI Security Standards Council (SSC), […]
Think ‘Context’ When Managing Information Risks A common failing that we often see when organisations perform risk management is a lack of ‘complete’ understanding of the potential impacts of an information security breach from both internal and external perspectives, i.e. not fully understanding the context of the organisation. You need to be thinking of risks […]
