Since 2005, URM has provided consultancy and related services in the areas of information security, data protection, business continuity and risk management. and through our branding we are predominately known as URM and, as such, have changed our registered name from Ultima Risk Management Limited to URM Consulting Services Limited. The change of name was in […]
One of the long-held beliefs underpinning many a password policy is that forcing a regular password change is a good thing. After all, by changing our passwords on a regular basis we might be able to stop an attacker taking advantage of a password they may have discovered. However, by forcing users to change […]
This is the question of the week, what is the difference between a certified and a compliant ISO 27001 management system? There is some confusion about the difference between having an information security management system (ISMS) which is certified to ISO 27001 and one which is compliant or aligned to the Standard. This week’s top […]
This week’s blog tackles the question of storing cardholder data and why the Payment Card Industry Data Security Standard (PCI DSS) is so beneficial. Fundamentally, it is very clear on this topic – if you don’t need it, don’t store it. Furthermore, if you do need it, make sure that you know everywhere it is […]
This week’s top tip looks at the requirement within both the DPA 2018 and the GDPR to verify the identity an individual making a request before acting or releasing information. Our clients are regularly raising questions and concerns with our consultants along the lines of ‘what do I need to do?’ Let’s start by […]
Definition With this week’s blog, the spotlight turns to internal audit and specifically in the context of ISO 27001, the International Standard for Information Security Management. We will step right back and look at internal auditing from the perspective of those new to the subject or those trying to understand where and why it fits. […]
In recent weeks the news has, once again, been peppered with high-profile information security breaches. Many of us find ourselves asking, how do we avoid hitting the headlines for wrong reasons? This week’s top tip looks at where to start. Avoiding security breaches is not the responsibility of a single individual, irrespective or technical ability, […]
A question we are increasingly asked is ‘Is there a catch-all international standard that effectively proves external verification of data protection compliance?’ It would be great if the answer to that question was a simple yes, but currently, despite some disingenuous marketing to the contrary, there is no official GDPR certification either centrally or from […]