PCI DSS v4.0: Forced Password Changes and Zero Trust Architecture
URM’s blog drills down into the PCI DSS v4.0 requirements around forced password changes, with a particular focus on the addition of zero-trust architecture.
URM’s blog discusses changes to the SCCs British organisations can use to legitimise restricted transfers of data under the UK GDPR
URM’s blog discusses the changes to the requirements around threat intelligence in ISO 27001:2022 and what certified organisations will need to do differently.
URM provide 10 actionable top tips that will allow you to take significant steps forward in your compliance journey.
URM’s blog explains how the principles of confidentiality, integrity and availability (CIA) can help align your information security controls with best practice
URM’s blog outlines the DP concerns around the use of facial recognition technology (FRT), and offers guidance on making sure your FRT use is GDPR compliant.
URM’s blog outlines the 6 of the key steps you can take to successfully implement an ISO 27001 conformant information security management system.
URM’s blog breaks down the fines issued by the ICO in 2023 for data protection breaches, highlighting emerging trends in their approach to enforcing compliance.
URM’s blog provides detailed guidance on aligning an existing control framework with ISO 27001, allowing you to certify and capitalise on previous work.
URM discusses an interview with the Information Commissioner, John Edwards, and the background of the penalty fine imposed on the Ministry of Defence (MOD).
URM answers key questions around data transfer impact assessments (DTIAs), providing detailed guidance on the best practice approach to conducting them.
URM explains benefits of implementation and applications of ISO 13485:2016 - standard for Quality Management for Medical Devices.
URM answers key questions around data protection impact assessments (DPIAs), providing detailed guidance on the best practice approach to conducting them.
Are you getting the best value out of your penetration testing? URM’s blog discusses alternative approaches to penetration testing.
URM details Clearview AI’s successful appeal against the ICO imposing a £7.5 million fine for breach of the UK GDPR and their grounds for reversing the ruling.
URM’s provides detailed guidance on how to conduct a business impact analysis (BIA) and ensure your business continuity plans are based on a solid foundation.
Meeting the new payment page requirements in PCI DSS v4.0 may seem tricky. URM provides detailed guidance on implementation and effective payment page security.
Everything you need to know about PCI DSS v4.0: With a particular focus on some of the more challenging requirements such as MFA and payment page scripts.
Transitioning to PCI DSS v4.0 sooner rather than later has its advantages and disadvantages, in this article URM explores both sides of the argument.
If your organisation is looking to transition to ISO 27001:2022, URM’s blog provides practical and invaluable guidance on meeting the new requirements.
Some organisations are using artificial intelligence (AI) to help respond to DSARs. But can AI provide a full and robust solution?
URM can offer a host of consultancy services to help you managing DSARs, DPIAs ROPAs, privacy notices, data retention schedules and training programmes.
URM offers specialised business-led pen testing services in addition to more traditional testing approaches. These tests are tailored to your organisation’s unique concerns and requirements, often providing greater value and better outcomes.
As a long-established PCI QSA, URM is able to deliver a full PCI QSA-led audit and produce a report on compliance (RoC) as well as deliver a full QSA-led self-assessment questionnaire (SAQ)