URM prides itself in providing tailored, appropriate and pragmatic consultancy services, specialising in the areas of information security, business continuity and risk management.

Our overarching goal is to assist you achieve the level of information security, business continuity and/or risk management that is commensurate with the objectives, goals and appetite of your business as a whole.

This is where the collective experiences and pragmatic approaches of our consultants come into their own; ensuring that the right level of resources (time, money and people) are committed to implementing the most appropriate and sustainable solution.

A particular niche skill of URM is assisting organisations comply, or certify, with ISO 27001 and ISO 22301 (International Standards for Information Security and Business Continuity respectively) and comply with PCI-DSS, the Payment Card Industry Data Security Standard.

Our main objective with any compliance/certification project is to work closely with you to ensure that any implementations not only meet the Standards’ requirements, but are also appropriate and relevant to your organisation’s culture and size..

URM's internal information management system is certified to both ISO 27001:2013 (certificate IS 536976) and ISO 22301:2012 (certificate BCMS 594364).

URM’s Consultancy Approach


Based on our extensive implementation experience, we believe information security and business continuity can only be really effective when fully integrated into your day to day activities and where top management plays an active role in strategy and development.

Our first goal is to ensure we have a comprehensive understanding of your organisation’s business goals and objectives in order to ensure any solutions are relevant and appropriate to you.

Adopting a Risk-Based Approach

This is the area where we believe we can add the greatest value to organisation's. Since 2002, we have been developing and honing our risk assessment methodologies and software tools to enable you to identify your greatest information security or business continuity risks, in a scientific but practical and understandable manner.

By adopting such an approach, you will be able to save time and money by prioritising and implementing controls (technical, people, policy and process-related) which are appropriate and relevant to you.

Team of Experienced Practitioners

All of our consultants have extensive implementation experience, often working as IS, BC or Data Protection managers or in the risk/compliance area.

As well as bringing knowledge of best practice standards, they also bring experience of implementing and embedding practices and controls into the fabric of an organisation, ensuring they are seen as ‘business as usual’ and adding tangible value..

Continuous Improvement

Since our inception, we have fully embraced the concept of continuous improvement and are constantly learning from our implementation experiences.

We are always looking to improve and refine our approach so you can benefit from how we have overcome different hurdles and challenges in the past.

Collaborative working and transferring knowledge

A key aspect of our consultative approach is to transfer as much knowledge and skills as we can whilst working with you, thus enabling you to become self-sufficient in developing your information security, business continuity or risk management working practices.

Naturally, our wide range of professional certificate training courses in information security, ISO 27001, data protection and risk management will not only help in developing your knowledge but also enable you to acquire a certificate to demonstrate your competencies.


If you are looking to comply or certify with ISO 27001, ISO 22301, talk to us about how best
to do that and, should you need help, how URM can help you