Frazer Grudgings
|
Senior Consultant at URM
|
Published on
04
October
2024

URM’s blog explains why ‘people’ warrants its own control theme in ISO 27001 and how to prepare for a people controls audit, offering advice for each control.

Read more
Data Protection
Published on
27/9/2024
Data Protection Considerations for Monitoring Employees

URM’s blog offers key advice and detailed guidance on how to balance your organisation’s needs with GDPR compliance as you perform workplace monitoring.

Information Security
Published on
20/9/2024
ISO 27002, the Unsung Hero

URM’s blog explains what ISO 27002 is, how it can benefit your organisation, & how you can use it to support your implementation of an ISO 27001-conformant ISMS

Data Protection
Published on
13/9/2024
How to Conduct a Legitimate Interest Assessment (LIA)

URM’s blog discusses the importance of LIAs for maintaining compliance with the GDPR, as well as providing a step-by-step breakdown of how to conduct one.

Information Security
Published on
5/9/2024
Common Questions When Managing Supplier Information Security Risks

URM’s blog answers key questions on supplier risk management, with a particular focus on the aspects to consider once a supplier has been selected.

Data Protection
Published on
30/8/2024
The ICO Issues its First Notice of Intention to Fine a Data Processor

URM’s blog explores the first provisional monetary penalty imposed by the ICO exclusively on a data processor & the lessons that can be learned from the case.

Cyber Security
Published on
22/8/2024
Pitfalls to Avoid in your Penetration Testing Programme

URM’s blog explores common pen testing mistakes & how to avoid them, and simple improvements you can immediately implement to enhance your security posture.

Other Standards
Published on
16/8/2024
The EU Artificial Intelligence Act

URM’s blog breaks down the EU AI Act and discusses its scope, requirements, how it will be enforced, how it may impact the UK & the rest of the world, and more.

Information Security
Published on
8/8/2024
How to Conduct Effective Supplier Information Security Risk Management

URM’s blog provides a stage-by-stage breakdown of the key steps you will need to take to conduct effective supplier information security risk management.

Cyber Security
Published on
1/8/2024
10 Most Common Vulnerabilities Found in Pen Tests

URM’s blog outlines the top 10 most common vulnerabilities we identify when conducting pen tests, the associated risks, and how they can be fixed/avoided.

Information Security
Published on
25/7/2024
5 Golden Rules for Implementing ISO 9001

URM’s blog offers advice and guidance on how to implement and maintain an ISO 9001-aligned QMS and receive the maximum benefit from your investment.

Data Protection
Published on
18/7/2024
ICO Enforcement Action January – June 2024

URM’s blog reviews ICO enforcement activities for the 1st half of 2024, highlighting trends & shifts in how it enforces against data protection breaches.

Cyber Security
Published on
12/7/2024
Access Control, Administrative Accounts and Password-Based Authentication in the Cyber Essentials SAQ

URM’s blog offers advice on answering questions in the Cyber Essentials SAQ which relate to access control, admin accounts and authentication methods.

Information Security
Published on
10/7/2024
A Guide to the Certificate in Information Security Management Principles (CISMP)

URM’s blog discusses everything you need to know about the CISMP, including its benefits, who it’s suited to, the topics the CISMP covers, and more.

Data Protection
Published on
5/7/2024
Oral references now count as processing for GDPR purposes (in the EU at least)

URM’s blog explores a recent ECJ ruling which dictates that oral job references are covered by the GDPR

Cyber Security
Published on
27/6/2024
Getting the Most from Your Pen Tests - During and Afterwards

URM’s blog outlines the key steps you can take during and after a penetration test to improve your organisation’s security posture.

Other Standards
Published on
5/6/2024
ISO 42001 Artificial Intelligence Impact Assessments (AIIAs)

URM’s blog explores artificial intelligence impact assessments (AIIAs) and offers advice on how to conduct these assessments in full conformance with ISO 42001.

Data Protection
Published on
5/6/2024
Data Protection Considerations for Data Analytics

URM’s blog explores the data protection considerations for data analytics tools, and how to reap their many benefits while still maintaining GDPR compliance.

Information Security
Published on
4/6/2024
PCI DSS v4.0: Targeted Risk Analysis

URM’s blog dissects the new PCI DSS requirements around targeted risk analysis, what they involve, and how the 2 types of TRA in the Standard differ.

Information Security
Published on
3/6/2024
PCI DSS v4.0: Forced Password Changes and Zero Trust Architecture

URM’s blog drills down into the PCI DSS v4.0 requirements around forced password changes, with a particular focus on the addition of zero-trust architecture.

Cyber Security
Published on
31/5/2024
How to Get the Most From Your Penetration Tests

URM’s blog discusses how to prevent and mitigate the damage done by ransomware attacks, and how penetration testing can help your organisation avoid them.

Data Protection
Published on
29/5/2024
First official European response to the Data Protection and Digital Information Bill

URM’s blog explores the first formal European response to the DPDI Bill, and how the Bill may jeopardise the UK’s adequacy status when it reforms the UK GDPR.

Other Standards
Published on
17/5/2024
ISO 42001 and AI Perspectives

URM’s blog explores ISO 42001, its intentions and structure, and the AI perspectives that will need to be considered by organisations implementing the Standard.

Information Security
Published on
9/5/2024
Common Pitfalls Identified in Organisations Seeking ISO 27001 Certification

URM’s blog discusses the common pitfalls of the ISO 27001 implementation and certification process, and how you can avoid making the same mistakes.

Information Security
Published on
19/4/2024
Planning Your ISO 27001 Audit Programme

URM’s blog drills down into ISO 27001 audits, offering advice on how to effectively develop and implement an ISO 27001 conformant audit programme.

Data Protection
Published on
12/4/2024
Data Protection Considerations for Artificial Intelligence (AI)

URM’s blog discusses the data protection considerations for utilising AI technologies, and how organisations can stay GDPR compliant in their use of AI.

Information Security
Published on
11/4/2024
PCI DSS v4.0: Network Security Controls

URM’s blog explains the wording changes in Requirement of the PCI DSS v4.0, offering advice on how organisations can select and use the most appropriate NSCs.

Business Continuity
Published on
5/4/2024
How to Develop a Robust Business Continuity Plan

URM’s blog discusses the key steps to take in order to develop robust and effective business continuity plans which will enable you to recover from disruption.

Cyber Security
Published on
4/4/2024
I’ve Got my Cyber Essentials - Now What?

URM’s blog discusses the best next steps your organisation can take following Cyber Essentials certification to further enhance its security posture.

Cyber Security
Published on
28/3/2024
The Role of Penetration Testing in Preventing Ransomware Attacks

URM’s blog discusses how to prevent and mitigate the damage done by ransomware attacks, and how penetration testing can help your organisation avoid them.

Data Protection
Published on
27/3/2024
The Data Protection and Digital Information Bill No.2

URM’s blog discusses the Data Protection and Digital Information (DPDI) Bill, how it will diverge from the current GDPR, and the impact it may have when passed.

URM is one of the UK's most trusted training providers in the areas of risk management and business continuity. Check our training program.
Find out more
"
Cyber Essentials Plus was a great exercise for the business to go through as some gaps were found and URM provided valuable information on remediation.
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.