URM Whitepapers

Viewpoints provide you with URM’s perspective and insights on topical and challenging issues. A major focus of URM viewpoints is interpreting and satisfying the requirements of standards such as ISO 27001, 22301 and PCI DSS. Our opinions are independently formed and heavily influenced by our extensive practical experiences of what has worked and not worked across a range of different scenarios and organisations.

  • PCI DSS upcoming new requirements

    When the Payment Card Industry Security Standards Council (PCI SSC) released version 3.2 of the PCI Data Security Standard (DSS), it introduced a number of requirements which were future dated in terms of being mandatory rather than just being examples of considered best practice. The reason for this was to provide organisations which accept payment cards with the time to make the necessary changes and investments to comply with these requirements. The deadline set for these requirements to come into force is 31 January 2018. Furthermore, there does not appear to be any ‘stay of execution’ from the PCI SSC. There have been a number of regional PCI conferences, most recently one held in the Asia-Pacific Region in May, where there was no indication of any extension of the deadline or any pending changes. Geraint Williams, PCI DSS Lead at URM, reviews here those future dated requirements and explores the issues around implementing and meeting them. Currently, all future dated requirements are considered best practice and it is recommended that all impacted organisations implement them as soon as is practicable.

  • Brexit Risk Survey Report

    One of the greatest sources of uncertainty for many UK organisations today is Brexit. It has the potential to affect all aspects of an enterprise from human resources management, finance and supply chain through to marketing, IT and information management. To establish how organisations are approaching the challenge, URM conducted an online survey with its customers and wider contacts and documented the findings in this new report. You will learn about the nature of impacts experienced to date, identified areas of exposure, and the benefits secured through adopting a structured approach to risk management, particularly in respect of senior management engagement.

  • Ensuring Your Information Security Management System (ISMS) Scope is Appropriate for ISO 27001:2013

    With the introduction of ISO 27001:2013 and changes being made to scoping requirements and the ‘context of the organization’, establishing an appropriate and meaningful scoping statement has taken on greater importance. With this in mind, URM has produced a ‘Viewpoint’ document providing its perspective on the scoping requirements of the updated Standard.

  • Information Security Risk Assessment: Why Conduct Them and Avoiding Common Pitfalls

    URM's view on the importance of risk assessments and common mistakes made by organisations managing their risks.

  • Business Continuity Plans: How to Ensure Business Continuity Plans are Effective

    URM's view on the importance of business continuity plans and where to start.