URM’s mission

URM Consulting Services Limited (URM) is dedicated to providing high quality, cost-effective and tailored consultancy and training in the areas of information and cyber security, data protection, business continuity and risk management.

URM's mission, through our consultancy, cyber testing, auditing and training services along with our risk management software (Abriska), is to assist you achieve the levels of information security, data protection and business continuity which are commensurate with the objectives and culture of your organisation and which also meet international standards, regulations/legislation and recognised best practice.

With our risk-based, pragmatic approach and knowledge transfer philosophy, URM's goal is to work with you to ensure any implementation reflects your culture, is understood and is sustainable.

URM’s consultants

URM's 35+ strong team of information security, cyber security, data protection, risk management and business continuity consultants comprises some of the most skilled practitioners in the UK, who possess extensive implementation experience and sector relevant qualifications such as Certified Information Security Manager (CISM),  Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) PCI Qualified Security Assessor, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, Certificate in Data Protection, Certified Red Team Operator (CRTO), Offensive Security Certified Professional (OSCP) and CREST Registered Tester (CRT).

Consultancy and remediation

URM’s involvement with ISO 27001 and information security goes right back to the launch of the Standard in 2005, where it became one of the first organisations to certify against the Standard. We have now been involved in assisting well over 400 organisations to successfully certify (and no failures!) to the Standard and be in a position to maintain that certification.  Since that time, URM has broadened its area of expertise both in terms of other information security standards (PCI DSS, SOC 2, NIST, CMMC and Gambling Commission (RTS) and other ISO Standards such as 22301 (business continuity) 9001 (quality) 20001 (service management) and 13845 (medical devices).  URM is particularly adept at integrating management system standards into a single unified management system.

Our qualifications

Practising what it preaches, URM has its own integrated management systems and has been certified to both ISO 27001 and ISO 22301 (certificate BCMS 594364) since they were first introduced.  The Company also became one of the first organisations in the UK to transition its certification to ISO 27001:2022 (certificate IS 536976).  URM is also a Payment Card Industry Qualified Security Assessor Company (QSAC) which allows it to perform formal assessments of conformance with the PCI Data Security Standard (DSS).

Audit and certification capabilities

As well as providing consultancy and remediation services, URM is one of the UK’s leading auditors of information and cyber security systems and delivers first-party audits (conducting internal audits of your ISMS) second-party audits (conducting audits of your suppliers) and third-party audits (PCI DSS and Cyber Essentials).  With the latter, URM has been qualified as a Payment Card Industry Qualified Security Assessor (PCI QSA) by the PCI Security Standards Council (PCI SSC) to assess organisations' compliance to the Payment Card Industry Data Security Standard (PCI DSS).  In addition, URM has also been accredited as a certification body by IASME to certify against the Government’s Cyber Essentials Scheme, both Cyber Essentials (certificate IASME-CE-014362) and Cyber Essentials Plus certificate (IASME-CEP-003133).

Data protection

Data protection is another area where URM excels.  With a 17-year track record assisting organisations to comply with legislation such as the Data Protection Act, the GDPR and local country-specific legislation, URM has earned a reputation for adopting a pragmatic and business appropriate approach which will enable you to embed data protection practices in business as usual.


To fully complement all of our governance, risk and compliance services is our cybersecurity consulting and  testing offering to help you identify threats to your information assets.  URM is a CREST-accredited organisation and delivers a wide range of penetration tests, including infrastructure and network, web application, mobile application and Cloud.  By combining cutting edge penetration tests with its governance, risk and compliance services, URM provides a holistic set of policy, process, technical and training solutions to help you address your security weaknesses. We were also one of the first organisations to achieve accreditation to the CREST OVS programme, meaning we are able to deliver Level 1 and Level 2 ASVS and MASVS assessments for web and mobile applications.

Risk management

Risk management is the cornerstone of any information security or business continuity management system and, since 2002, URM has been developing and refining its risk assessment methodologies and processes to address the requirements of international standards.  Our suite of purpose-designed risk assessment software products (Abriska) can help you not only satisfy the requirements of ISO 27001 and ISO 22301, but enable you to make better-informed decisions as to which people/policy/process/technical controls to implement. Abriska has underpinned approximately nearly 400 successful ISO certifications.

URM’s Core Values

URM has a number of values which reflect who we are and act as our guiding principles as we continue to grow.

Quality Driven

Our goal from day one has been to aspire to the highest levels of quality when delivering services and products to our clients, and to strive to constantly exceed expectations. We are uncompromising in our focus on consistently delivering excellence and taking pride in what we do.

Always Trustworthy

We endeavour to adhere to the highest standards of integrity and fiscal responsibility. We will always honour our commitments and act in the best interests of our clients. Equally, URM will be honest with both clients and employees alike and, if asked if we can do something that we know we can’t, we will say so. As an employer and partner, we pride ourselves on being fair, honest, transparent, thoughtful and respectful.

Responsive and Flexible

We believe our flexible, customer-centric approach is a major differentiator vis-a-vis our competitors. Our clients and partners can, for example, always expect a prompt and efficient response to any enquiry and for URM to be creative and resourceful in meeting their needs.

Continually improving

Within URM, there is a determination and tenacity to continually improve our processes, services and products. We constantly endeavour to find ways of becoming more effective, efficient and innovative, no matter how marginal those improvements may be. Clients can be assured that they are working with an organisation which is never complacent and is one that is free of arrogance and ego. We value and encourage feedback, so that we can fully understand where we need to improve and implement those changes.

Supportive Nature

With our strong team and collaborative working culture, URM can be relied upon for our support and resilience capabilities. We have strength in depth and will always aim to provide back up to the lead consultants. We are totally committed to sharing our knowledge and skills to improve the competence of our clients and our own team.

Expertise Assured

The quality of our services is inextricably linked to the expertise of our consultants, trainers and product developers. We are very proud of our recruitment and retention of a number of the UK’s leading practitioners within their respective fields. URM’s consultants are renowned not just for their technical knowledge, but their ability to apply and communicate that knowledge. The enthusiasm and passion for their subject is infectious.

Brief History

Starting as an information security division within a technical solution provider in 2002, we were established as a separate legal entity, Ultima Risk Management Ltd, three years later in July 2005.

Since 2005, URM has grown consistently and organically, establishing itself as one of UK’s leading GRC and cybersecurity testing providers.  

In August 2019, the name of the company was changed to URM Consulting Services Limited (URM) to match its recognised brand name.


URM is Certified to:
ISO 27001:2022 (certificate IS 536976)*
ISO 22301:2019 (certificate BCMS 594364)
Cyber Essentials (certificate IASME-CE-014362)
Cyber Essentials Plus (certificate IASME-CEP-003133)
URM is also CREST accredited as a penetration testing service provider

*In April 2023, URM became one of the first companies in the UK to certify to ISO 27001:2022

Office working hours
Contact information
Our experts are the ones to trust
when it comes to your cyber security