URM’s blog explores the practical benefits of by the Data (Use and Access) Act and how they may reduce the data protection compliance burden on organisations.

Events

About Us

About URM

Overview

URM Core Values

Certifications

CSR

Testimonials

Partners

Our Partners

Become Partner

Subscribe to our mailing list

Consultancy

Information Security

ISO 27001 SOC 2 PCI DSS GC RTS SWIFT CSP NIST CMMC

Business Continuity

ISO 22301 Business Impact Analysis Plans Exercising

Data
Protection

GDPR Virtual DPO DSAR Redaction

Internal
Audit

Outsourced service Audit schedules Third party audit

Other
Standards ISO 42001

Cyber

Penetration Testing Infrastructure Web App and API Cloud Mobile App Business-Led

Cyber Essentials

Cyber Essentials Cyber Essentials Plus CE Assessment Cyber Advisor CE Certified via URM

Vulnerability Scanning

Vulnerability Scanning ASV Scanning

Social
Engineering

Social
engineering

Cyber Incident

cyber
Incident Exercising

Products

Abriska 27001 Information Security Risk Management FAQ

Abriska 27036 Supplier
Risk Management FAQ

Abriska 31000 Enterprise Risk Management FAQ

Abriska 19011 Audit
and Action Management FAQ

Abriska 22301 Business Continuity Management FAQ

Alurna
‍ONLINE Awareness Training FAQ PRICING

Training

Information
Security CISMP introduction to
ISO 27001 Migration to
ISO 27001:2022 transition to
ISO 27001:2022

Data Protection
and GDPR CDP DPIA DSAR DTIA

Risk
Management PCIRM

Other Standards introduction to ISO 42001

Schedule
‍Upcoming
Courses

Resources

About

About Overview URM’s Core Values Brief history certifications

Testimonials consultancy Cyber products Training

Partners Our Partners Become partner

Contact Contact URM Terms of business Privacy Policy Cookie Policy

URM NEWS

January 2023

Cyber Essentials Scheme Being Updated on 24 April 2023

URM’s consultants have assisted over 400 organisations achieve and maintain certification to ISO 27001.

Find out more

Latest BLog

Governance, Risk Management and Compliance

Information Security

ISO 27001

ISO 27001:2022 - A.5 Organisational Controls (Supplier Management)

Latest update:

27 Jun

2025

URM’s blog explains the importance of the 5 supplier management controls in ISO 27001 & provides practical guidance on how to implement each control.

Information Security

updateD:

27/6/2025

ISO 27001:2022 - A.5 Organisational Controls (Access Management)

URM’s blog explores why the access controls in ISO 27001 matter, and how to implement each control in full conformance with both the Standard and best practice.

Information Security

updateD:

27/6/2025

ISO 27001:2022 - A.5 Organisational Controls (Information Security Management)

URM explains the 8 information security management controls included within the ‘Organisational controls’ theme and how to prepare for an audit of each control

Cyber Security

updateD:

26/6/2025

Cyber Essentials Questions Answered: Technical Requirements, BYOD Compliance and the Future of the Scheme

URM’s blog answers key questions about CE, focusing specifically on its technical requirements, use of BYOD, and how the scheme may change in the future.

After a bad experience with a previous provider, we looked to URM for QSA support. The URM QSA we have worked with is phenomenal, and considerably better than our previous QSAs. My team enjoy working with him, and find him to be extremely credible and effective.

Ambrose Neville

CISO at University of Surrey