URM Consulting Services Limited (URM) is dedicated to providing high quality, cost-effective and tailored consultancy and training in the areas of information and cyber security, data protection, business continuity and risk management.

URM's mission, through our consultancy, cyber testing, auditing and training services along with our risk management software (Abriska), is to assist you achieve the levels of information security, data protection and business continuity which are commensurate with the objectives and culture of your organisation and which also meet international standards, regulations/legislation and recognised best practice.

With our risk-based, pragmatic approach and knowledge transfer philosophy, URM's goal is to work with you to ensure any implementation reflects your culture, is understood and is sustainable.

URM's team of information security, cyber security, data protection, risk management and business continuity consultants comprises some of the most skilled practitioners in the UK, who each possess extensive implementation experience.

URM’s involvement with ISO 27001 and information security goes right back to the launch of the Standard in 2005. We have now been involved in assisting well over 350 organisations to successfully certify (and no failures!) to the Standard and be in a position to maintain that certification.  Since that time, URM has broadened its area of expertise both in terms of other information security standards (PCI DSS, SOC 2, NIST, CMMC and Gambling Commission RTS) and other ISO Standards such as 22301 (business continuity) 9001 (quality) 20001 (service management).  URM is particularly adept at integrating management system standards into a single unified management system.
Practising what it preaches, URM has its own integrated management systems and has been certified to both ISO 27001 and ISO 22301 since they were first introduced.  The Company also became one of the first organisations in the UK to transition its certification to ISO 27001:2022.

As well as providing consultancy and remediation services, URM is one of the UK’s leading auditors of information and cyber security systems and delivers first-party audits (conducting internal audits of your ISMS) second-party audits (conducting audits of your suppliers) and third-party audits (PCI DSS and Cyber Essentials).  With the latter, URM has been qualified as a Payment Card Industry Qualified Security Assessor (PCI QSA) by the PCI Security Standards Council (PCI SSC) to assess organisations' compliance to the Payment Card Industry Data Security Standard (PCI DSS).  In addition, URM has also been accredited as a certification body by IASME to certify against the Government’s Cyber Essentials Scheme

Data protection is another area where URM excels.  With a 17-year track record assisting organisations to comply with legislation such as the Data Protection Act, the GDPR and local country-specific legislation, URM has earned a reputation for adopting a pragmatic and business appropriate approach which will enable you to embed data protection practices in business as usual.

To fully complement all of our governance, risk and compliance services is our cybersecurity consulting and  testing offering to help you identify threats to your information assets.  URM is a CREST-accredited organisation and delivers a wide range of penetration tests, including infrastructure and network, web application, mobile application and Cloud.  By combining cutting edge penetration tests with its governance, risk and compliance services, URM provides a holistic set of policy, process, technical and training solutions to help you address your security weaknesses

Risk management is the cornerstone of any information security or business continuity management system and, since 2002, URM has been developing and refining its risk assessment methodologies and processes to address the requirements of international standards.  Our suite of purpose-designed risk assessment software products (Abriska) can help you not only satisfy the requirements of ISO 27001 and ISO 22301, but enable you to make better-informed decisions as to which people/policy/process/technical controls to implement.

URM’s Core Values

URM has a number of values which reflect who we are and act as our guiding principles as we continue to grow.

Quality Driven

Our goal from day one has been to aspire to the highest levels of quality when delivering services and products to our clients, and to strive to constantly exceed expectations. We are uncompromising in our focus on consistently delivering excellence and taking pride in what we do.

Always Trustworthy

We endeavour to adhere to the highest standards of integrity and fiscal responsibility. We will always honour our commitments and act in the best interests of our clients. Equally, URM will be honest with both clients and employees alike and, if asked if we can do something that we know we can’t, we will say so. As an employer and partner, we pride ourselves on being fair, honest, transparent, thoughtful and respectful.

Responsive and Flexible

We believe our flexible, customer-centric approach is a major differentiator vis-a-vis our competitors. Our clients and partners can, for example, always expect a prompt and efficient response to any enquiry and for URM to be creative and resourceful in meeting their needs.

Continually improving

Within URM, there is a determination and tenacity to continually improve our processes, services and products. We constantly endeavour to find ways of becoming more effective, efficient and innovative, no matter how marginal those improvements may be. Clients can be assured that they are working with an organisation which is never complacent and is one that is free of arrogance and ego. We value and encourage feedback, so that we can fully understand where we need to improve and implement those changes.

Supportive Nature

With our strong team and collaborative working culture, URM can be relied upon for our support and resilience capabilities. We have strength in depth and will always aim to provide back up to the lead consultants. We are totally committed to sharing our knowledge and skills to improve the competence of our clients and our own team.

Expertise Assured

The quality of our services is inextricably linked to the expertise of our consultants, trainers and product developers. We are very proud of our recruitment and retention of a number of the UK’s leading practitioners within their respective fields. URM’s consultants are renowned not just for their technical knowledge, but their ability to apply and communicate that knowledge. The enthusiasm and passion for their subject is infectious.

Brief History

Starting as an information security division within a technical solution provider in 2002, we were established as a separate legal entity, Ultima Risk Management Ltd, three years later in July 2005.

Since 2005, URM has grown consistently and organically, establishing itself as one of UK’s leading GRC and cybersecurity testing providers.  

In August 2019, the name of the company was changed to URM Consulting Services Limited (URM) to match its recognised brand name.


URM is Certified to:
ISO 27001:2013 (certificate IS 536976)*
ISO 22301:2012 (certificate BCMS 594364)
Cyber Essentials (certificate IASME-CE-014362)
Cyber Essentials Plus (certificate IASME-CEP-003133)
URM is also CREST accredited as a penetration testing service provider

*In April 2023, URM became one of the first companies in the UK to certify to ISO 27001:2022

Office working hours
Contact information