Published
18 September 2023

The consequences of unauthorised access are varied. Apart from financial losses, there is a loss of customer confidence. Can penetration testing prevent this?

DSAR
Published
9/8/2023
Everything You Need to Know about DSARs

We are answering questions: what is a GDPR DSAR, what information can a data subject request, what should you do when you receive a DSAR, and many more.

Information Security
Published
10/7/2023
ISO 27001 vs SOC 2 - Part 3

The third part of a question and answer session in which URM compared and contrasted two of the world’s leading information security standards, ISO 27001 and SOC 2.

Information Security
Published
3/7/2023
ISO 27001 vs SOC 2 - Part 2

The second part of a question and answer session in which URM compared and contrasted two of the world’s leading information security standards, ISO 27001 and SOC 2.

Information Security
Published
21/6/2023
ISO 27001 vs SOC 2 - Part 1

URM delivered a question and answer session in which it compared and contrasted two of the world’s leading information security standards, ISO 27001 and SOC 2.

Information Security
Published
22/5/2023
Top Tips For Implementing an Effective ISO 27001 Information Security Management System (ISMS)

URM provides some top tips for achieving an effective and successful information security management system implementation.

Business Continuity
Published
27/4/2023
10 Ways COVID Has Impacted Business Continuity

In this blog, we are discussing the top 10 ways in which URM believes COVID-19 has impacted, influenced or affected business continuity (BC).

Data Protection
Published
6/4/2023
Chatbots and Personal Data: Benefits and Risks

This blog considers, at a high level, various possible legal ramifications of using chatbots, especially ChatGPT, with a focus on data protection risks.

Information Security
Published
14/3/2023
Preparing For a PCI DSS v4.0 Assessment

URM is sharing its experiences on how the changes to the PCI DSS v4 affect the assessment process and how organisations can best prepare for the differences.

Information Security
Published
15/2/2023
PCI DSS v4.0 and Multi-Factor Authentication

Following the recent changes in PCI DSS v4.0, we examine the factors behind the greater utilisation of MFA and what the key changes in the requirements are.

Data Protection
Published
6/2/2023
Analysis of Fines Imposed by the Information Commissioner’s Office in 2022

When looking to comply with the General Data Protection Regulation (GDPR), it is always a worthwhile exercise....

Cyber Essentials
Published
24/1/2023
Cyber Essentials Scheme being Updated on 24 April 2023

On 23 January 2023, the NCSC published an updated set of requirements, v3.1, for the Cyber Essentials scheme....

Information Security
Published
28/10/2022
ISO/IEC 27001:2022 Key Changes

Following the publication of ISO/IEC 27001:2022 on 25 October 2022, this blog will provide you with our high-level analysis of the key changes.

Data Protection
Published
5/10/2022
Avoiding Email Data Security Breaches

For all of us, email can be both a blessing and a curse. On one hand you have the speed and convenience of communication....

Social Engineering
Published
6/9/2022
Guide to Phishing and How to Recognise a Phishing Attempt

We are hearing a lot about phishing and phishing attacks currently so, in this blog, we will take a step back....

Information Security
Published
9/8/2022
5 Ways to Reduce Your PCI DSS Scope

Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of the applicability....

Information Security
Published
9/8/2022
PCI DSS: Pros and Cons of Outsourcing

In this blog, we address one of the big questions facing organisations which accept payment cards....

Information Security
Published
9/8/2022
Benefits of PCI DSS Compliance

In recent blogs, we have focused on how best to ensure you comply with the PCI Data Security Standard....

Information Security
Published
8/8/2022
PCI Policies, Procedures and Evidence – What is expected?

While it’s one of the areas that IT and security departments find challenging, documentation (and compliant evidence)....

Information Security
Published
8/8/2022
Top 5 common pitfalls of PCI DSS compliance

As a Payment Card Industry Qualified Security Assessor (PCI QSA) company, we are often asked by organisations which process card payments....

Information Security
Published
8/8/2022
Preparing for a Report on Compliance (ROC)

There’s no getting away from the fact that preparing for a PCI DSS ROC can be a bit of a trial....

Information Security
Published
5/8/2022
What Are the Service Provider Levels

In this blog, we turn our attention to service providers. The PCI Security Standards Council defines a service provider....

Information Security
Published
5/8/2022
What Are the Merchant Levels

We are often asked, both by those new to PCI DSS and those who have been involved for a while....

Information Security
Published
5/8/2022
PCI DSS compliance as BAU (business as usual)

For an organisation to achieve and maintain compliance to the Payment Card Industry Data Security Standard (PCI DSS)....

Information Security
Published
5/8/2022
Can I Store Cardholder Data?

In this article, we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI DSS) places around....

Information Security
Published
5/8/2022
How can URM help you to achieve PCI compliance and what is our approach?

In our previous blog, we looked at where your PCI compliance journey starts. The first step is understanding the flow of your payment card data....

Information Security
Published
5/8/2022
PCI DSS – The Payment Card Data Security Standard – What is it?

Often referred to as the PCI DSS or quite simply PCI, the Standard was developed by the founding payment brands....

Information Security
Published
5/8/2022
PCI DSS Reduction and Assessment

The Payment Card Industry Security Standards Council (PCI SSC) defines scoping as “the process of identifying all system components....

Information Security
Published
4/8/2022
PCI DSS Remediation and Implementation

PCI remediation is an essential activity for any organisation wishing to fully comply.....

Information Security
Published
4/8/2022
PCI DSS Gap Analysis

URM’s PCI DSS gap analysis service is aimed at those organisations which are looking to benchmark....

Information Security
Published
27/7/2022
How Secure is Zoom?

Many organisations have had to adapt very quickly to the rapidly changing restrictions brought in across the globe to help combat the spread of COVID-19.

Information Security
Published
27/7/2022
Risk Management – What is it and What Role Does it Play in ISO 27001?

We are going to explore why the focus on a risk-based approach has helped turn ISO 27001, the International ISM Standard, into such a world-beater.

Information Security
Published
27/7/2022
How to Improve Your Password Management

One of the long-held beliefs underpinning many a password policy is that forcing a regular password change is a good thing.

Information Security
Published
27/7/2022
Difference Between Certified and Compliant ISO 27001 ISMS

There is some confusion about the difference between having an ISMS which is certified to ISO 27001 and one which is compliant or aligned to the Standard.

Information Security
Published
27/7/2022
What are the Basics of Internal Auditing?

With this blog, the spotlight turns to internal audit and specifically in the context of ISO 27001, the International Standard for ISM.

Information Security
Published
27/7/2022
How do You Avoid Information Security Breaches?

With the news often including stories about high-profile information security breaches, many of us find ourselves asking how we can avoid them.

Information Security
Published
27/7/2022
How Should You Onboard New IT Systems and Software?

This blog takes a look at onboarding information systems. When onboarding is mentioned, most will conclude it’s referring to people, but there is a lot more to think

Information Security
Published
27/7/2022
How Do You Go About Your ISO 27001 Information Classification?

This blog talks about information classification. So, what exactly do we mean by information classification?

Information Security
Published
27/7/2022
What is the Difference Between IT and Information Governance?

In this blog, we are going to look at governance. We are regularly asked, ‘is information governance the same as IT governance?’

Information Security
Published
27/7/2022
How do you Identify and Then Manage Your ISMS Scope?

When managing the security of your organisation’s information assets, you will need to consider the scope of what you are doing.

Information Security
Published
27/7/2022
Should You Start Your ISO 27001 Programme with a Gap Analysis or a Risk Assessment?

The answer depends on your goals and knowledge of your current position. This blog will look at which is best and when.

Data Protection
Published
25/7/2022
How to Respond to a Data Subject Access Request (DSAR)

Let’s face it, there is nothing straightforward or simple about responding to a data subject access request (DSAR).

Data Protection
Published
25/7/2022
What is the UK International Data Transfer Agreement and What Are the Implications?

On 2 February 2022, the Information Commissioner’s Office (ICO) laid before Parliament changes around restricted international personal data transfers.

Data Protection
Published
25/7/2022
Data Subject Access Requests (DSARs) Services

One of the fundamental rights of an individual (data subject), under the UK GDPR is to be able to access and receive a copy of their personal information.

Data Protection
Published
25/7/2022
Data Transfer Risk Assessment

We are focussing on transfer risk assessments (TRAs), commencing with the background that led to their introduction and then addressing the five questions.

Data Protection
Published
25/7/2022
What is the GDPR?

The GDPR (EU) 2016/679 is an EU regulation which came into effect on 25 May 2018 and set a new benchmark for the processing of personal data.

Data Protection
Published
25/7/2022
The CJEU Declares the EU-US Privacy Shield Invalid and SCCs Valid

On 16 July 2020, the CJEU issued its judgement on the adequacy of both the Privacy Shield and standard contractual clauses (SCCs).

Data Protection
Published
25/7/2022
What is the Purpose of ISO 27701 and What Benefits Does it Bring?

The need for guidance on how organisations should best protect privacy and manage personal information has never been more pertinent.

Data Protection
Published
25/7/2022
ISO 27701:2019 and the GDPR

The EU GDPR and the UK DPA both require organisations to protect and ensure the privacy of any personal data which they process.

Data Protection
Published
25/7/2022
In-house Resource vs Virtual DPO

This blog takes a look at DPOs and considers when to look in-house and when a virtual, external resource or hybrid resource may be a better option.

Data Protection
Published
25/7/2022
Data Subject Access Requests (DSARs) – The Need for Education and Centralised Processes

We discuss the importance of ensuring that your whole organisation can identify a DSAR and the benefits of controlling the entry points of DSARs.
