Governance, Risk Management and Compliance

PUBLISHED ON:
9/8/2023
Everything You Need to Know about DSARs

We answer the questions: what is a GDPR DSAR, what information can a data subject request, what should you do when you receive a DSAR, and many more.

PUBLISHED ON:
10/7/2023
ISO 27001 vs SOC 2 - Part 3

Third part of a question and answer session in which URM compared and contrasted two of the world’s leading information security standards, ISO 27001 and SOC 2.

PUBLISHED ON:
3/7/2023
ISO 27001 vs SOC 2 - Part 2

Second part of a question and answer session in which URM compared and contrasted two of the world’s leading information security standards, ISO 27001 and SOC 2.

Information Security
PUBLISHED ON:
21/6/2023
ISO 27001 vs SOC 2 - Part 1

URM delivered a question and answer session in which it compared and contrasted two of the world’s leading information security standards, ISO 27001 and SOC 2.

Information Security
PUBLISHED ON:
22/5/2023
Top Tips For Implementing an Effective ISO 27001 Information Security Management System (ISMS)

URM provides some top tips for achieving an effective and successful information security management system implementation.

Business Continuity
PUBLISHED ON:
27/4/2023
10 Ways COVID Has Impacted Business Continuity

In this blog, we are discussing the top 10 ways in which URM believes COVID-19 has impacted, influenced or affected business continuity (BC).

Data Protection
PUBLISHED ON:
6/4/2023
Chatbots and Personal Data: Benefits and Risks

This blog considers, at a high level, the possible legal ramifications of using chatbots, especially ChatGPT, with a focus on data protection risks.

Information Security
PUBLISHED ON:
14/3/2023
Preparing For a PCI DSS v4.0 Assessment

URM is sharing its experiences on how the changes to the PCI DSS v4 affect the assessment process and how organisations can best prepare for the differences.

Information Security
PUBLISHED ON:
15/2/2023
PCI DSS v4.0 and Multi-Factor Authentication

Following the recent changes in PCI DSS v4.0, we examine the factors behind the greater utilisation of MFA and what the key changes in the requirements are.

Data Protection
PUBLISHED ON:
6/2/2023
Analysis of Fines Imposed by the Information Commissioner’s Office in 2022

When looking to comply with the General Data Protection Regulation (GDPR), it is always a worthwhile exercise....

Information Security
PUBLISHED ON:
28/10/2022
ISO/IEC 27001:2022 Key Changes

Following the publication of ISO/IEC 27001:2022 on 25 October 2022, this blog will provide you with our high-level analysis of the key changes.

Data Protection
PUBLISHED ON:
5/10/2022
Avoiding Email Data Security Breaches

For all of us, email can be both a blessing and a curse. On one hand you have the speed and convenience of communication....

Information Security
PUBLISHED ON:
9/8/2022
5 Ways to Reduce Your PCI DSS Scope

Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of the applicability....

Information Security
PUBLISHED ON:
9/8/2022
PCI DSS: Pros and Cons of Outsourcing

In this blog, we address one of the big questions facing organisations which accept payment cards....

Information Security
PUBLISHED ON:
9/8/2022
Benefits of PCI DSS Compliance

In recent blogs, we have focused on how best to ensure you comply with the PCI Data Security Standard....

Information Security
PUBLISHED ON:
8/8/2022
PCI Policies, Procedures and Evidence – What is expected?

While it’s one of the areas that IT and security departments find challenging, documentation (and compliant evidence)....

Information Security
PUBLISHED ON:
8/8/2022
Top 5 common pitfalls of PCI DSS compliance

As a Payment Card Industry Qualified Security Assessor (PCI QSA) company, we are often asked by organisations which process card payments....

Information Security
PUBLISHED ON:
8/8/2022
Preparing for a Report on Compliance (ROC)

There’s no getting away from the fact that preparing for a PCI DSS ROC can be a bit of a trial....

Information Security
PUBLISHED ON:
5/8/2022
What Are the Service Provider Levels

In this blog, we turn our attention to service providers. The PCI Security Standards Council defines a service provider....

Information Security
PUBLISHED ON:
5/8/2022
What Are the Merchant Levels

We are often asked, both by those new to PCI DSS and those who have been involved for a while....

Information Security
PUBLISHED ON:
5/8/2022
PCI DSS compliance as BAU (business as usual)

For an organisation to achieve and maintain compliance to the Payment Card Industry Data Security Standard (PCI DSS)....

Information Security
PUBLISHED ON:
5/8/2022
Can I Store Cardholder Data?

In this article, we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI DSS) places around....

Information Security
PUBLISHED ON:
5/8/2022
How can URM help you to achieve PCI compliance and what is our approach?

In our previous blog, we looked at where your PCI compliance journey starts. The first step is understanding the flow of your payment card data....

Information Security
PUBLISHED ON:
5/8/2022
PCI DSS – The Payment Card Data Security Standard – What is it?

Often referred to as the PCI DSS or quite simply PCI, the Standard was developed by the founding payment brands....

Information Security
PUBLISHED ON:
5/8/2022
PCI DSS Reduction and Assessment

The Payment Card Industry Security Standards Council (PCI SSC) defines scoping as “the process of identifying all system components....

Information Security
PUBLISHED ON:
4/8/2022
PCI DSS Remediation and Implementation

PCI remediation is an essential activity for any organisation wishing to fully comply.....

Information Security
PUBLISHED ON:
4/8/2022
PCI DSS Gap Analysis

URM’s PCI DSS gap analysis service is aimed at those organisations which are looking to benchmark....

Information Security
PUBLISHED ON:
27/7/2022
How Secure is Zoom?

Many organisations have had to adapt very quickly to the rapidly changing restrictions brought in across the globe to help combat the spread of COVID-19.

Information Security
PUBLISHED ON:
27/7/2022
Risk Management – What is it and What Role Does it Play in ISO 27001?

We are going to explore why the focus on a risk-based approach has helped turn ISO 27001, the International ISM Standard, into such a world-beater.

Information Security
PUBLISHED ON:
27/7/2022
How to Improve Your Password Management

One of the long-held beliefs underpinning many a password policy is that forcing a regular password change is a good thing.

Information Security
PUBLISHED ON:
27/7/2022
Difference Between Certified and Compliant ISO 27001 ISMS

There is some confusion about the difference between having an ISMS which is certified to ISO 27001 and one which is compliant or aligned to the Standard.

Information Security
PUBLISHED ON:
27/7/2022
What are the Basics of Internal Auditing?

With this blog, the spotlight turns to internal audit and specifically in the context of ISO 27001, the International Standard for ISM.

Information Security
PUBLISHED ON:
27/7/2022
How do You Avoid Information Security Breaches?

With the news often including stories regarding high-profile information security breaches, many of us find ourselves asking how we can avoid it.

Information Security
PUBLISHED ON:
27/7/2022
How Should You Onboard New IT Systems and Software?

This blog takes a look at onboarding information systems. When onboarding is mentioned, most will conclude it’s referring to people, but there is a lot more to think

Information Security
PUBLISHED ON:
27/7/2022
How Do You Go About Your ISO 27001 Information Classification?

This blog talks about information classification. So, what exactly do we mean by information classification?

Information Security
PUBLISHED ON:
27/7/2022
What is the Difference Between IT and Information Governance?

In this blog, we are going to look at governance. We are regularly asked, ‘is information governance the same as IT governance?’

Information Security
PUBLISHED ON:
27/7/2022
How do you Identify and Then Manage Your ISMS Scope?

When managing the security of your organisation’s information assets, you will need to consider the scope of what you are doing.

Information Security
PUBLISHED ON:
27/7/2022
Should You Start Your ISO 27001 Programme with a Gap Analysis or a Risk Assessment?

The answer depends on your goals and knowledge of your current position. This blog will look at which is best and when.

Data Protection
PUBLISHED ON:
25/7/2022
How to Respond to a Data Subject Access Request (DSAR)

Let’s face it, there is nothing straightforward or simple about responding to a data subject access request (DSAR).

Data Protection
PUBLISHED ON:
25/7/2022
What is the UK International Data Transfer Agreement and What Are the Implications?

On 2 February 2022, the Information Commissioner’s Office (ICO) laid before Parliament changes around restricted international personal data transfers.

Data Protection
PUBLISHED ON:
25/7/2022
Data Subject Access Requests (DSARs) Services

One of the fundamental rights of an individual (data subject), under the UK GDPR is to be able to access and receive a copy of their personal information.

Data Protection
PUBLISHED ON:
25/7/2022
Data Transfer Risk Assessment

We are focussing on transfer risk assessments (TRAs), commencing with the background that led to their introduction and then addressing the five questions.

Data Protection
PUBLISHED ON:
25/7/2022
What is the GDPR?

The GDPR (EU) 2016/679 is an EU regulation which came into effect on 25 May 2018 and set a new benchmark for the processing of personal data.

Data Protection
PUBLISHED ON:
25/7/2022
The CJEU Declares the EU-US Privacy Shield Invalid and SCCs Valid

On 16 July 2020, the CJEU issued its judgement on the adequacy of both the Privacy Shield and standard contract clauses (SCCs).

Data Protection
PUBLISHED ON:
25/7/2022
What is the Purpose of ISO 27701 and What Benefits Does it Bring?

The need for guidance on how organisations should best protect privacy and manage personal information has never been more pertinent.

Data Protection
PUBLISHED ON:
25/7/2022
ISO 27701:2019 and the GDPR

The EU GDPR and the UK DPA both require organisations to protect and ensure the privacy of any personal data which they process.

Data Protection
PUBLISHED ON:
25/7/2022
In-house Resource vs Virtual DPO

This blog takes a look at DPOs and considers when to look in-house and when a virtual, external resource or hybrid resource may be a better option.

Data Protection
PUBLISHED ON:
25/7/2022
Data Subject Access Requests (DSARs) – The Need for Education and Centralised Processes

We discuss the importance of ensuring that your whole organisation can identify a DSAR and the benefits of controlling the entry points of DSARs.

Data Protection
PUBLISHED ON:
22/7/2022
Verifying the Identity of Someone Requesting Information Under the GDPR

We look at the requirement within both the DPA and the GDPR to verify the identity of an individual making a request before acting or releasing information

Data Protection
PUBLISHED ON:
22/7/2022
Data Protection and Management System Standards – Which is Best for Me?

Is there a catch-all international standard that effectively proves external verification of data protection compliance?

Data Protection
PUBLISHED ON:
22/7/2022
Transferring Personal Data Outside of the EEA

This blog looks at a very specific area of the GDPR - Article 28 and data transfer outside of the EEA.

Data Protection
PUBLISHED ON:
22/7/2022
Supply Chain Compliance with the GDPR

This blog focuses on an aspect of the GDPR which can be particularly challenging for a number of organisations.

Data Protection
PUBLISHED ON:
22/7/2022
What is the Difference Between Personal Data and Sensitive Personal Data?

There is some confusion about the difference between personal data and sensitive personal data and even whether sensitive personal data exists as a term!

Data Protection
PUBLISHED ON:
22/7/2022
Tips on Demonstrating UK GDPR Compliance

We provide some questions which should help you in determining your level of compliance with the GDPR

Data Protection
PUBLISHED ON:
22/7/2022
Are you adequately covering GDPR within your ISMS?

We have seen an increased focus on the General Data Protection Regulation (GDPR) by certification body (CB) assessors when conducting ISO 27001 audits.

Information Security
PUBLISHED ON:
22/7/2022
What are the Most Common Insider Threats to Information Security?

Broadly speaking, information security is held up by three pillars – People, Process and Technology. It is widely accepted that humans are the weakest link

Data Protection
PUBLISHED ON:
21/7/2022
BS 10012:2017 – What are the Benefits and How Do I Achieve Certification

BS 10012 is a standard which has been developed to enable organisations to implement a personal information management system (PIMS).

Data Protection
PUBLISHED ON:
21/7/2022
Gaining Senior Management Buy-In to GDPR Compliance

Why can it still be challenging to gain traction on your GDPR compliance project?

Data Protection
PUBLISHED ON:
21/7/2022
THE GDPR – 5 Myths Dispelled

The adoption of the General Data Protection Regulation (GDPR) in April 2016 had wide-ranging impacts. These affect all organisations.

Information Security
PUBLISHED ON:
21/7/2022
ISO 27002:2022 Update

The purpose of ISO 27002 is to provide organisations with guidance on selecting, implementing and managing information security controls.

Information Security
PUBLISHED ON:
21/7/2022
What are the Primary Objectives of the Controls Detailed in Annex A of ISO 27001:2013?  

Annex A of ISO 27001 comprises 114 controls which are grouped into the following 14 control categories.

Information Security
PUBLISHED ON:
21/7/2022
Everything You Need to Know About ISO 27001 Certification

As with all ISO standards, it has been developed by a panel of experts and provides a specification for the development of a ‘best practice’ ISMS.

Information Security
PUBLISHED ON:
21/7/2022
How Do You Implement a Successful ISMS?

Executing your decision to use an information security management system (ISMS) to manage the security of your information assets is a project. It is not.

Information Security
PUBLISHED ON:
20/7/2022
10 Top Tips for Keeping Information Secure When Homeworking

In this blog, we aim to provide 10 top tips to enable you to keep important information assets safe and secure whilst working remotely.

Information Security
PUBLISHED ON:
20/7/2022
5 Common Fallacies Associated with ISO 27001 Certification

There are many good reasons to implement an information security management system (ISMS) and get it certified to ISO 27001.

Information Security
PUBLISHED ON:
20/7/2022
Information Security Management Systems, ISO 27001 and the Benefits of Implementation

In this blog, we’re going back to basics and looking at some of the fundamentals of information security and ISO 27001.

Information Security
PUBLISHED ON:
20/7/2022
How Do You Gain Top Management Commitment?

In this blog, we’ll take a look at management commitment, one of the most significant.

Information Security
PUBLISHED ON:
20/7/2022
How do You Develop and Implement an Incident Management Plan?

Due to the increased use of technologies and the ‘human’ involvement, it is inevitable we are all going to face more and more information security incidents.

Information Security
PUBLISHED ON:
20/7/2022
How do I Approach Asset Identification Within My Information Security Risk Assessment?

Typically, this question is twofold; which assets to include and the depth or granularity. In this blog, we will look at granularity.

Information Security
PUBLISHED ON:
20/7/2022
What Are the Critical Steps When Implementing an Effective Information Security Management System?

URM has assisted over 350 organisations to achieve ISO 27001 certification; here are the critical steps when implementing an effective information security management system.

Information Security
PUBLISHED ON:
20/7/2022
Three Tips to Help you Simplify your Risk Management Process

A key role of risk management is helping organisations decide how limited resources can be most effectively used to address the most pressing business issues.

Information Security
PUBLISHED ON:
19/7/2022
How Do You Meet the Asset Management Requirements of ISO 27001?

In order to meet the requirements of ‘Asset management’ A.8 from Annex A of ISO 27001, it is necessary to identify organisational assets and define protection

Information Security
PUBLISHED ON:
19/7/2022
How do you Categorise Your Assets When Conducting an Information Security Risk Assessment?

‘How do we approach asset identification within our information security risk assessment?’. This blog examines which assets or asset types to include.

Information Security
PUBLISHED ON:
18/7/2022
What are the ‘Real World’ Benefits of Implementing ISO 27001?

In this blog, we want to dig a bit deeper into the benefits that are gained from implementing the Standard and from achieving certification...

Information Security
PUBLISHED ON:
18/7/2022
Key Things You Should Know About ISO 27001

ISO 27001 is a standard for information security management that provides any organisation with a framework to protect its most valuable assets.

Information Security
PUBLISHED ON:
21/6/2022
PCI SSC Remote Assessment Guidelines and Procedures

We address a number of key questions: What are the Main Contents? What Led to it Being Published? And others.

Data Protection
PUBLISHED ON:
21/6/2022
When and How to Conduct a Data Protection Impact Assessment (DPIA)

A DPIA delivers a pre-emptive approach to assessing these risks and can prevent a data breach occurring. We present an outline of the steps in conducting a DPIA.

Information Security
PUBLISHED ON:
13/6/2022
PCI DSS v4 – Changes at a Glance

After several years’ wait, and to surprisingly little fanfare, the PCI SSC released the new version of the PCI Data Security Standard (DSS).

Data Protection
PUBLISHED ON:
13/6/2022
UK International Data Transfer Agreement

The International Data Transfer Agreement (IDTA) and the UK Addendum to the current European Commission’s SCCs are the next steps in providing a transfer tool for complying with the UK GDPR.

Data Protection
PUBLISHED ON:
10/6/2022
How to Create a Record of Processing Activities (ROPA)

In this blog, we will outline a step-by-step procedure on how you can create a ROPA.

Data Protection
PUBLISHED ON:
8/6/2022
Who Needs a ROPA and Why?

Under the UK GDPR, the majority of organisations processing personal data are required to create and maintain a ROPA.

Information Security
PUBLISHED ON:
27/5/2022
What is ISO 27001?

ISO 27001 is the International Standard for Information Security Management. It provides organisations with a framework and an approach to protecting assets

Information Security
PUBLISHED ON:
25/5/2022
Benefits of Implementing ISO 27001

What are the Benefits of Implementing ISO 27001? We dig a bit deeper on the benefits that are gained from implementing the standard.

Information Security
PUBLISHED ON:
25/5/2022
Asset identification within RA

A question which comes up time and time again is ‘How do I approach asset identification within my information security risk assessment’.
