
GC RTS Assessment

UK’s most experienced and proficient information security auditors, conducting RTS audits for over a decade

URM is one of the UK’s most experienced and proficient information security auditing organisations and has been conducting RTS audits for over a decade. When conducting and reporting on GC RTS audits, URM follows the guidance and advice provided by the GC. As such, the methodology for conducting audits is based on enquiry, evidence and observation. Observation is ideally carried out on site, and the GC expects that, unless particular circumstances dictate otherwise, a number of key controls are audited on site.

The evidence that will be required comprises policies, procedures and documents, such as an IT security policy supported by policies on user access, data backup, change management, cryptographic controls etc. URM will seek to gather evidence on specific audit areas such as network diagrams, software changes, reviews of penetration tests and vulnerability scans, audit log reviews and training records. We will look to conduct staff interviews and walkthroughs, with evidence noted for selected processes.

When reporting on audit results, URM adopts the same terminology as ISO 27001 certification audits, i.e., major nonconformities, minor nonconformities and opportunities for improvement. For each control, URM will indicate what evidence was observed and whether your organisation conforms. If it doesn’t, URM will indicate the level of nonconformance. For all nonconformances, URM will indicate what needs to be done to remedy the situation.


Why URM?

Track record

URM is one of the UK’s most experienced and proficient information security auditors. It has been conducting RTS audits for over a decade and has conducted hundreds of ISO 27001-related audits. URM has an unparalleled track record of assisting over 400 organisations to achieve and maintain certification to ISO 27001 and, as such, is perfectly placed not only to conduct audits but also to conduct gap analyses and help organisations remediate any gaps identified.

Assessor Competence

The Gambling Commission requires that the annual security audit is conducted by an independent and suitably qualified auditor. All of URM’s auditors hold one or more of the main recognised qualifications, e.g., ISO 27001 Lead Auditor, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP). A number also hold the Payment Card Industry Qualified Security Assessor (PCI QSA) qualification. Furthermore, RTS audit reports are all peer reviewed before being submitted.

Achieving optimum balance

If URM is used to remediate any gaps, our goal is to achieve the optimum balance between meeting the RTS control requirements and ensuring the control (e.g., policy, process or other documentation) is tailored to your organisation’s size, culture and business objectives.

"Whenever we have asked our QSA and account manager whether additional work is required outside of the annual cycle, there has never been a hard sell of any of URM’s services, and instead they offer advice based on our compliance requirements and business needs."
CISO at University of Surrey