June 2019

  • Business Continuity – Types of Exercising

    Types of Exercising. Our previous blog about how to deliver a business continuity exercise prompted a number of questions about the types of business continuity exercise and when to use them. So, this week’s blog does just that! Without exercising (we prefer this to testing, which implies a pass or fail), an organisation […]

  • PCI Policies, Procedures and Evidence – What is expected?

    Policies, Procedures and Evidence. While it’s one of the areas that IT and security departments find challenging, documentation (and compliant evidence) is what makes for a happy and satisfied PCI Qualified Security Assessor (QSA), and, more importantly, a successful PCI compliance audit! Successful compliance programmes invariably depend on the accurate and consistent recording of events and the […]

  • Data Protection – What is the current focus?

    This week’s top tip focuses on data protection and the value of the information you can find on the Information Commissioner’s Office (ICO) website. There is a wealth of information available on the ICO’s website; however, probably one of the most visited areas is ‘Action We’ve Taken’. In particular, the enforcement notices, audits, advisory […]

  • 2019 Verizon Breach Report – A first look

    In our past blogs, we focused on where to seek information and highlighted a recently released report which contains useful and valuable information. We also mentioned the Horizon Scan Report (2019) by the BCI. Today we will give an overview of the 2019 Verizon Breach Report. Where to start, 2019… another year and another Verizon […]

  • Tips from URM | Expect the Unexpected – But have you Planned for the Unexpected?

    Have you Planned for the Unexpected? This week’s top tip reflects on the prevalent theme of ‘uncertainty’. Whether it be the general backdrop of political uncertainty that has dominated our lives since 23 June 2016, the vexing Tory leadership race as we wait to see who will be our next Prime Minister, or the […]

  • Top 5 common pitfalls of PCI DSS compliance

    As a Payment Card Industry Qualified Security Assessor (PCI QSA) company, we are often asked by organisations which process card payments what the main pitfalls are to avoid in complying with the Payment Card Industry Data Security Standard (PCI DSS). Well, here’s our top five (5) pitfalls to avoid if your organisation is looking to achieve or […]

  • Cyber / Information Security / Business Continuity management – Continuous Improvement, What next?

    Continuous Improvement, What next? This week’s top tip focuses on where to seek information and highlights a recently released report which contains useful and valuable information. A fundamental expectation of all ‘best practice’ ISO management systems is the requirement for a programme of continuous improvement. There is often a danger within all organisations that programmes […]

  • Preparing for a Report on Compliance (ROC)

    There’s no getting away from the fact that preparing for a PCI DSS ROC can be a bit of a trial, particularly for those who are experiencing their first visit from a QSA. Like most trials, the good news is that future visits do get easier as your infrastructure gets up to spec. That […]

  • Merchants vs. Service Providers: What are they and what are the requirements? Part 2

    In our last blog we addressed merchants, so this time we turn to service providers. A service provider is defined as a ‘business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data. This also includes companies that provide services that control or could impact the security […]