Our overarching goal is to assist you achieve the level of information security, business continuity and/or risk management that is commensurate with the objectives, goals and appetite of your business as a whole.
This is where the collective experiences and pragmatic approaches of our consultants come into their own; ensuring that the right level of resources (time, money and people) are committed to implementing the most appropriate and sustainable solution.
A particular niche skill of URM is assisting organisations comply, or certify, with ISO 27001 and ISO 22301 (International Standards for Information Security and Business Continuity respectively) and comply with PCI-DSS, the Payment Card Industry Data Security Standard.
Our main objective with any compliance/certification project is to work closely with you to ensure that any implementations not only meet the Standards’ requirements, but are also appropriate and relevant to your organisation’s culture and size.
URM’s Consultancy Approach
Based on our extensive implementation experience, we believe information security and business continuity can only be really effective when fully integrated into your day to day activities and where top management plays an active role in strategy and development.
Our first goal is to ensure we have a comprehensive understanding of your organisation’s business goals and objectives in order to ensure any solutions are relevant and appropriate to you.
Adopting a Risk-Based Approach
This is the area where we believe we can add the greatest value to organisations. Since 2002, we have been developing and honing our risk assessment methodologies and software tools to enable you to identify your greatest information security or business continuity risks, in a scientific but practical and understandable manner.
By adopting such an approach, you will be able to save time and money by prioritising and implementing controls (technical, people, policy and process-related) which are appropriate and relevant to you.
Team of Experienced Practitioners
All of our consultants have extensive implementation experience, often working as IS, BC or Data Protection managers or in the risk/compliance area.
As well as bringing knowledge of best practice standards, they also bring experience of implementing and embedding practices and controls into the fabric of an organisation, ensuring they are seen as ‘business as usual’ and adding tangible value.
Since our inception, we have fully embraced the concept of continuous improvement and are constantly learning from our implementation experiences. We are always looking to improve and refine our approach so you can benefit from how we have overcome different hurdles and challenges in the past.
Collaborative Working and Transferring Knowledge
A key aspect of our consultative approach is to transfer as much knowledge and skills as we can whilst working with you, thus enabling you to become self-sufficient in developing your information security, business continuity or risk management working practices.
With our interim management service, URM is able, at short notice, to provide you with a highly skilled and experienced management resource. URM’s interim managers are typically provided for a limited period to manage change or transition, or temporarily fill a critical skills gap.
Our specialists in the areas of information security, data protection and business continuity will not just offer advice and make recommendations, but will also take on full line management responsibilities and will implement key strategy and solutions.
Available full or part-time, URM’s interim managers can help to provide cover for absence or while you recruit a permanent resource, as well as managing a specific project (e.g. implementing a management system or complying with a new regulation), or addressing a turnaround or change requirement.