Since 2005, URM has provided consultancy and related services in the areas of information security, data protection, business continuity and risk management. and through our branding we are predominately known as URM and, as such, have changed our registered name from Ultima Risk Management Limited to URM Consulting Services Limited. The change of name was in […]
Tips from URM – Password Management
What’s the difference between a certified and a compliant ISO 27001 Infosec management system? This is the question of the week, what is the difference between a certified and a compliant ISO 27001 management system? There is some confusion about the difference between having an information security management system (ISMS) which is certified to ISO […]
This week’s blog tackles the question of storing cardholder data and why the Payment Card Industry Data Security Standard (PCI DSS) is so beneficial. Fundamentally, it is very clear on this topic – if you don’t need it, don’t store it. Furthermore, if you do need it, make sure that you know everywhere it is […]
This week’s top tip looks at the requirement within both the DPA 2018 and the GDPR to verify the identity an individual making a request before acting or releasing information. Our clients are regularly raising questions and concerns with our consultants along the lines of ‘what do I need to do?’ Let’s start by giving […]
Definition With this week’s blog, the spotlight turns to internal audit and specifically in the context of ISO 27001, the International Standard for Information Security Management. We will step right back and look at internal auditing from the perspective of those new to the subject or those trying to understand where and why it fits. […]
In recent weeks the news has, once again, been peppered with high-profile information security breaches. Many of us find ourselves asking, how do we avoid hitting the headlines for the wrong reasons? This week’s top tip looks at where to start. Avoiding security breaches is not the responsibility of a single individual, irrespective of technical […]
Data Protection and Management System Standards – Which is Best For Me? A question we are increasingly asked is ‘Is there a catch-all international standard that effectively proves external verification of data protection compliance?’ It would be great if the answer to that question was a simple yes, but currently, despite some disingenuous marketing to the […]
