
ISO 27001 is the International Standard for Information Security Management that provides any organisation, irrespective of size or sector, with a framework and an approach to protecting...

Following the publication of ISO/IEC 27001:2022 on 25 October 2022, this blog will provide you with our high-level analysis of the key changes.

Annex A of ISO 27001 comprises 114 controls which are grouped into the following 14 control categories. Each of the 14 categories and provide you with a clear explanation of the primary objective...

The answer depends on your goals and knowledge of your current position. This blog will look at which is best and when.

The purpose of ISO 27002 is to provide organisations with guidance on selecting, implementing and managing information security controls, taking into account the organisation’s information security...

We have seen an increased focus on the General Data Protection Regulation (GDPR) by certification body (CB) assessors when conducting ISO 27001 audits. In the past, assessments typically focused on...

There are many good reasons to implement an information security management system (ISMS) and get it certified to ISO 27001. The most common is that customers or clients, or in some cases stakeholders

In order to meet the requirements of ‘Asset management’ A.8 from Annex A of ISO 27001, it is necessary to identify organisational assets and define appropriate protection ...
Having been involved in over 350 successful ISO 27001 certifications, URM is ideally placed to advise you on the essential activities and tasks you will need to carry out in order to maintain and improve your ISO 27001 auditing function and programme.
If uncertain, URM is able to conduct a high-level GDPR gap analysis which will help you understand your current levels of compliance and identify gaps and vulnerabilities.
URM can help you get ISO 27001 certification