ISO/IEC 27001:2022 Key Changes
Latest update: 23 Nov 2022

Following the publication of ISO/IEC 27001:2022 on 25 October 2022, this blog will provide you with our high-level analysis of the key changes.

What are the Primary Objectives of the Controls Detailed in Annex A of ISO 27001:2013?
Latest update: 23 Nov 2022

Annex A of ISO 27001 comprises 114 controls which are grouped into 14 control categories. We look at each of the 14 categories and provide you with a clear explanation of the primary objective...

What are the ‘Real World’ Benefits of Implementing ISO 27001?
Latest update: 25 Oct 2022

In this blog, we want to dig a bit deeper into the benefits that are gained from implementing the Standard and from achieving certification...

ISO 27001
Updated: 4/10/2022
Should You Start Your ISO 27001 Programme with a Gap Analysis or a Risk Assessment?

The answer depends on your goals and knowledge of your current position. This blog will look at which is best and when.

ISO 27001
Updated: 4/10/2022
ISO 27002:2022 Update

The purpose of ISO 27002 is to provide organisations with guidance on selecting, implementing and managing information security controls, taking into account the organisation’s information security...

ISO 27001
Updated: 23/9/2022
Risk Management – What is it and What Role Does it Play in ISO 27001?

We are going to explore why the focus on a risk-based approach has helped turn ISO 27001, the International Information Security Management Standard, into such a world-beater.

PCI DSS
Updated: 2/9/2022
PCI DSS v4 – Changes at a Glance

After several years' wait, and to surprisingly little fanfare, the Payment Card Industry Security Standards Council (PCI SSC) released the new version of the PCI Data Security Standard (DSS)...

PCI DSS
Updated: 24/8/2022
PCI SSC Remote Assessment Guidelines and Procedures

The PCI SSC has recently released new remote assessment guidelines and procedures. Here we address a number of key questions: What are the main contents? What led to them being published? And others.

ISO 27001
Updated: 11/8/2022
What are the Basics of Internal Auditing?

With this blog, the spotlight turns to internal audit and specifically in the context of ISO 27001, the International Standard for Information Security Management.

ISO 27001
Updated: 11/8/2022
What’s the Difference Between a Certified and a Compliant ISO 27001 Information Security Management System?

There is some confusion about the difference between having an information security management system (ISMS) which is certified to ISO 27001 and one which is compliant or aligned to the Standard.

ISO 27001
Updated: 11/8/2022
How Secure is Zoom?

Many organisations have had to adapt very quickly to the rapidly changing restrictions brought in across the globe to help combat the spread of COVID-19 and, in a lot of cases, this has meant that...

ISO 27001
Updated: 11/8/2022
How to Improve Your Password Management

One of the long-held beliefs underpinning many a password policy is that forcing a regular password change is a good thing.

ISO 27001
Updated: 11/8/2022
How do You Avoid Information Security Breaches?

With the news often including stories regarding high-profile information security breaches, many of us find ourselves asking how we can avoid hitting the headlines for all the wrong reasons.

ISO 27001
Updated: 9/8/2022
How Do You Go About Your ISO 27001 Information Classification?

And how it can help avoid another Snowden Breach! This blog talks about information classification. So, what exactly do we mean by information classification?

ISO 27001
Updated: 9/8/2022
What is the Difference Between IT and Information Governance?

In this blog, we are going to look at governance. We are regularly asked, ‘what do you mean by governance?’ or, ‘is information governance the same as IT governance?’

ISO 27001
Updated: 9/8/2022
How Should You Onboard New IT Systems and Software?

This blog takes a look at onboarding information systems. When onboarding is mentioned in terms of information security, typically, most will conclude it’s referring to people...

PCI DSS
Updated: 9/8/2022
5 Ways to Reduce Your PCI DSS Scope

Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of the applicability of the Standard. Even veterans of PCI DSS compliance...

PCI DSS
Updated: 9/8/2022
PCI DSS: Pros and Cons of Outsourcing

In this blog, we address one of the big questions facing organisations which accept payment cards and are looking to comply with the PCI DSS. Should we outsource the storing, processing and...

PCI DSS
Updated: 9/8/2022
Benefits of PCI DSS Compliance

In recent blogs, we have focused on how best to ensure you comply with the PCI Data Security Standard. However, this week we will look at what the benefits are of achieving and maintaining compliance…

ISO 27001
Updated: 8/8/2022
How do you Identify and Then Manage Your ISMS Scope?

When you are looking at the processes associated with managing the security of your organisation’s information assets, there are a number of occasions where you will need to consider the scope of...

ISO 27001
Updated: 8/8/2022
How Do You Gain Top Management Commitment?

In previous blogs, we have tackled a number of fundamental ISO 27001 components. In this blog, we’ll take a look at management commitment, one of the most significant.

ISO 27001
Updated: 8/8/2022
How do I Approach Asset Identification Within My Information Security Risk Assessment?

This is a question which comes up time and time again. Typically, this question is twofold: which assets to include, and the depth or granularity. In this blog, we will look at granularity.

ISO 27001
Updated: 8/8/2022
What Are the Critical Steps When Implementing an Effective Information Security Management System?

Having assisted over 300 organisations to achieve ISO 27001 certification, we are often asked what we consider to be the critical steps when implementing an effective information security system.

ISO 27001
Updated: 8/8/2022
Three Tips to Help you Simplify your Risk Management Process

A key role of risk management is helping organisations decide how limited resources can be most effectively used to address the most pressing business issues, e.g., threats to information security.

PCI DSS
Updated: 8/8/2022
PCI Policies, Procedures and Evidence – What is expected?

While it’s one of the areas that IT and security departments find challenging, documentation (and compliant evidence) is what makes for a happy and satisfied PCI Qualified Security Assessor (QSA)...

PCI DSS
Updated: 8/8/2022
Top 5 common pitfalls of PCI DSS compliance

As a Payment Card Industry Qualified Security Assessor (PCI QSA) company, we are often asked by organisations which process card payments what the main pitfalls are to avoid in complying with...

PCI DSS
Updated: 8/8/2022
Preparing for a Report on Compliance (ROC)

There’s no getting away from the fact that preparing for a PCI DSS ROC can be a bit of a trial, and particularly for those who are experiencing their first visit from a QSA. Like most trials...

PCI DSS
Updated: 5/8/2022
What Are the Service Provider Levels

In this blog, we turn our attention to service providers. The PCI Security Standards Council defines a service provider as a ‘business entity that is not a payment brand, directly involved in the...

PCI DSS
Updated: 5/8/2022
What Are the Merchant Levels

We are often asked, both by those new to PCI DSS and those who have been involved for a while, what is the difference between a merchant and a service provider, what are the ‘levels’ and what do...

PCI DSS
Updated: 5/8/2022
PCI DSS compliance as BAU (business as usual)

For an organisation to achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS), the Payment Card Industry Security Standards Council (PCI SSC) encourages...

PCI DSS
Updated: 5/8/2022
Can I Store Cardholder Data?

In this article, we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI DSS) places around the protection of cardholder data (CHD) and, in particular, sensitive...

PCI DSS
Updated: 5/8/2022
How can URM help you to achieve PCI compliance and what is our approach?

In our previous blog, we looked at where your PCI compliance journey starts. The first step is understanding the flow of your payment card data – by that we mean where payment card information...

PCI DSS
Updated: 5/8/2022
PCI DSS – The Payment Card Data Security Standard – What is it?

Often referred to as the PCI DSS or quite simply PCI, the Standard was developed by the founding payment brands of the PCI Security Standards Council (SSC), including MasterCard Worldwide, Visa...

PCI DSS
Updated: 5/8/2022
PCI DSS Reduction and Assessment

The Payment Card Industry Security Standards Council (PCI SSC) defines scoping as “the process of identifying all system components, people, and processes to be included in a PCI DSS assessment to...

PCI DSS
Updated: 4/8/2022
PCI DSS Remediation and Implementation

PCI remediation is an essential activity for any organisation wishing to fully comply with the applicable 12 technical and operational control requirements of the PCI DSS. Whilst many PCI remediation

PCI DSS
Updated: 4/8/2022
PCI DSS Gap Analysis

URM’s PCI DSS gap analysis service is aimed at those organisations which are looking to benchmark their current corporate information security practices (relating to payment card data) against...

ISO 27001
Updated: 22/7/2022
What are the Most Common Insider Threats to Information Security?

Broadly speaking, information security is held up by three pillars – People, Process and Technology. As threats to our information security (and particularly cyber-related threats) continue to emerge

ISO 27001
Updated: 21/7/2022
Everything You Need to Know About ISO 27001 Certification

ISO 27001 is the International Standard for Information Security Management. As with all ISO standards, it has been developed by a panel of experts from across the globe and provides a specification

ISO 27001
Updated: 21/7/2022
How Do You Implement a Successful ISMS?

The first and primary myth to dispel is that executing your decision to use an information security management system (ISMS) to manage the security of your information assets is a project. It is not.

ISO 27001
Updated: 20/7/2022
10 Top Tips for Keeping Information Secure When Homeworking

Following on from COVID, working from home is now a standard working practice, but how do we go about it in a secure way? In this blog, we aim to provide 10 top tips to enable you to keep important

ISO 27001
Updated: 20/7/2022
5 Common Fallacies Associated with ISO 27001 Certification

There are many good reasons to implement an information security management system (ISMS) and get it certified to ISO 27001. The most common is that customers or clients, or in some cases stakeholders

ISO 27001
Updated: 20/7/2022
Information Security Management Systems, ISO 27001 and the Benefits of Implementation.

In this blog, we’re going back to basics and looking at some of the fundamentals of information security and ISO 27001, starting with the core ingredient, the information security management system...

ISO 27001
Updated: 20/7/2022
How do You Develop and Implement an Incident Management Plan?

Due to the increased use of information technologies and the ‘human’ involvement (whether malicious, accidental or incompetent!), it is inevitable we are all going to face more and more information...

ISO 27001
Updated: 19/7/2022
How Do You Meet the Asset Management Requirements of ISO 27001?

In order to meet the requirements of ‘Asset management’ A.8 from Annex A of ISO 27001, it is necessary to identify organisational assets and define appropriate protection ...

ISO 27001
Updated: 19/7/2022
How do you Categorise Your Assets When Conducting an Information Security Risk Assessment?

‘How do we approach asset identification within our information security risk assessment?’. This blog examines which assets or asset types to include and should be read...

ISO 27001
Updated: 18/7/2022
Key Things You Should Know About ISO 27001

ISO 27001 is the International Standard for Information Security Management that provides any organisation, irrespective of size or sector, with a framework and an approach to protecting...

ISO 27001
Updated: 23/6/2022
Asset identification within RA

A question which comes up time and time again is ‘How do I approach asset identification within my information security risk assessment?’. Typically, this question is twofold: which assets to include

ISO 27001
Updated: 23/6/2022
Benefits of Implementing ISO 27001

What are the Benefits of Implementing ISO 27001? We dig a bit deeper on the benefits that are gained from implementing the standard and from achieving certification.

ISO 27001
Updated: 23/6/2022
What is ISO 27001?

ISO 27001 is the International Standard for Information Security Management. Effectively, it provides any organisation, irrespective of size or sector, with a framework and an approach to protecting...

"Moving from our existing Pen Testers after 10 years was a difficult decision but I am really glad we did. It's been a pleasure working with you. The Pen Testing was extremely thorough and as hoped you were open to a collaborative deeper delve, far beyond what we were required to do for PCI DSS, which has been very useful."
Payment Service Provider