URM provides some top tips for achieving an effective and successful information security management system implementation
While it’s one of the areas that IT and security departments find challenging, documentation (and compliant evidence)....
In our previous blog, we looked at where your PCI compliance journey starts. The first step is understanding the flow of your payment card data....
Often referred to as the PCI DSS or quite simply PCI, the Standard was developed by the founding payment brands....
We are going to explore why the focus on a risk-based approach has helped turn ISO 27001, the International ISM Standard, into such a world-beater.
There is some confusion about the difference between having an ISMS which is certified to ISO 27001 and one which is compliant or aligned to the Standard.
This blog takes a look at onboarding information systems. When onboarding is mentioned, many will conclude it’s referring to people, but there is a lot more to think
This blog talks about information classification. So, what exactly do we mean by information classification?
In this blog, we are going to look at governance. We are regularly asked, ‘is information governance the same as IT governance?’
When managing the security of your organisation’s information assets, you will need to consider the scope of what you are doing.
The answer depends on your goals and knowledge of your current position. This blog will look at which is best and when.
Broadly speaking, information security is held up by three pillars – People, Process and Technology. It is widely accepted that humans are the weakest link
Annex A of ISO 27001 comprises 114 controls which are grouped into the following 14 control categories.
As with all ISO standards, it has been developed by a panel of experts and provides a specification for the development of a ‘best practice’ ISMS
In this blog, we aim to provide 10 top tips to enable you to keep important information assets safe and secure whilst working remotely.
There are many good reasons to implement an information security management system (ISMS) and get it certified to ISO 27001.
In this blog, we’re going back to basics and looking at some of the fundamentals of information security and ISO 27001.
Due to the increased use of technologies and the ‘human’ involvement, it is inevitable we are all going to face more and more information security incidents.
Typically, this question is twofold; which assets to include and the depth or granularity. In this blog, we will look at granularity.
URM assisted over 350 organisations to achieve ISO 27001 certification. Here are the critical steps when implementing an effective information security system.
A key role of risk management is helping organisations decide how limited resources can be most effectively used to address the most pressing business issues.
In order to meet the requirements of ‘Asset management’ A.8 from Annex A of ISO 27001, it is necessary to identify organisational assets and define protection
‘How do we approach asset identification within our information security risk assessment?’ This blog examines which assets or asset types to include.
In this blog, we want to dig a bit deeper into the benefits that are gained from implementing the Standard and from achieving certification...
We address a number of key questions: What are the Main Contents? What Led to it Being Published? And others.