Over the last 20 years, URM has worked with organisations of all sizes and from a wide range of market sectors in helping them to achieve and maintain certification with international standards, such as ISO 27001 (information security), ISO 22301 (business continuity), Cyber Essentials and Cyber Essentials Plus, preparing for a SOC 2 audit as well as complying with standards such as the Payment Card Industry Data Security Standard (PCI DSS) and complying with regulations such as the GDPR.
Here we provide a number of case studies from a cross-section of those organisations. In each case study we examine business drivers, challenges, key success criteria and benefits derived. Cumulatively, they provide some invaluable lessons and pointers for those organisations embarking on their certification journeys.
ISO 27001, ISO 22301, ISO 20000 and PCI DSS consultancy and product-related case studies
URM is one of the UK's most trusted training providers in the areas of information security and governance. Check our training program.
Find out more
How URM can help?
Information Security
Developing or reviewing your AI management framework?
Whether you are at an early planning stage or preparing for audit and assurance activities, we offer a free introductory call to help you assess risks, responsibilities, and the most proportionate route forward.
Read more
Information Security
Planning for ISO 42001, the EU AI Act, or broader AI risk frameworks?
A short, free, non‑commitment call can help you clarify scope, understand regulatory expectations, and align your approach across standards such as ISO 42001 and NIST AI RMF. Early guidance often saves time and avoids fragmented compliance efforts.
Read more
Information Security
Unsure how to approach ISO 42001 or AI governance more broadly?
You do not need a fully defined programme to speak with us. We offer a free, no‑obligation call to help you understand ISO 42001 requirements, assess your current AI governance maturity, and identify practical next steps.
Read more
"
We have been running with the Abriska risk management system for just over a year and are very pleased with how it has facilitated the management of risk within our organisation. It provides a consistent and objective mechanism for identifying and treating risks and for following up and controlling actions put in place to mitigate them. It is easy to use and thus encourages engagement by all users so that risk is managed on a “real time” basis. The system of alerts and reminders ensures that actions are completed in a timely manner. Abriska scores very highly on availability and responsiveness. A very good product with excellent customer support when needed.