Blog

URM’s blog breaks down the NIST CSF’s new Govern Function, its importance, and the policies, processes and activities you will need to have in place to comply.

URM’s blog offers key advice on what to expect from your SOC 2 audit in practice, the types of evidence you will need to provide, how best to prepare, and more.

URM’s blog explores the different forms of phishing attacks, the strategies used to exploit human vulnerabilities, & how to protect against these attacks.

URM’s blog explains the Government’s new proposed measures around ransomware attacks and payments, which organisations they would affect, & why they are needed.

URM’s blog reviews the ICO’s data protection enforcement actions in Jan-Jun 2025, outlining changes and emerging trends in its approach to enforcing compliance.

URM’s blog provides top tips for communicating in a crisis & developing an effective communications plan to help maintain business continuity during disruption.

URM’s blog explores Clause 5.1 of ISO 27001, what you must do to meet its requirements, and why leadership & commitment are vital to an effective ISMS.

URM’s blog breaks down the data protection aspects of body worn video cameras, and how to ensure your use of BWV is compliant with the GDPR.

URM’s blog explains what DCC is, how compliance with the scheme and the process to certification work, and the benefits to obtaining certification.

URM’s blog breaks down the ISO 27001 certification process, the roles of certification bodies and UKAS, what auditors look for during assessments, and more.

URM’s blog examines how ransomware occur, and highlights practical cyber security measures you can implement to reduce your exposure and mitigate security risk.

URM’s blog highlights the steps PRPs can take to prepare for the introduction of the STAIRs & ensure they are compliant when these requirements come into force.

URM’s blog explores the ISO 27001 business continuity controls, why they matter, & how they can be effectively implemented to ensure conformance to the Standard

URM’s blog outlines the practical measures you can take following Cyber Essentials certification to further enhance your information & cyber security posture.

URM’s blog breaks down the six incident management-related controls in Annex A of ISO 27001, providing key guidance on how to implement each control.

URM’s blog explores the practical benefits of by the Data (Use and Access) Act and how they may reduce the data protection compliance burden on organisations.

URM explains each control law firms must include in an information management and security policy that complies with the Lexcel Practice Management Standard.

URM’s blog explores how Cyber Essentials can help your legal practice enhance its security posture and achieve/maintain its SQM or Lexcel accreditation.

URM’s blog explores BC exercising, including why it is beneficial, the different types of exercises, when they should be conducted, and who should be involved.

URM’s blog explains Clause 8.3 of ISO 9001, its applicability, and the key considerations and practical steps required for conformance to this Clause.

URM’s blog explains the legal, regulatory & contractual controls in ISO 27001 & how they can be implemented in full conformance with the Standard.

URM explains the 8 information security management controls included within the ‘Organisational controls’ theme and how to prepare for an audit of each control

URM’s blog explores why the access controls in ISO 27001 matter, and how to implement each control in full conformance with both the Standard and best practice.

URM’s blog answers key questions about CE, focusing specifically on its technical requirements, use of BYOD, and how the scheme may change in the future.

URM’s blog explains the threat quantum computing poses to current encryption methods, how this may impact the PCI DSS, and how these challenges may be overcome.

URM’s blog explains the measures the Bill will introduce, the entities it will bring into regulatory scope & what the Bill could mean for your organisation.

URM’s blog explains the importance of the 5 supplier management controls in ISO 27001 & provides practical guidance on how to implement each control.

URM’s blog explains the GDPR’s requirements for privacy policies, the common mistakes organisations make with these policies & how to avoid them.

URM’s blog offers key advice on implementing the physical controls in Annex A of ISO 27001 and preparing for a successful physical controls audit.

URM’s blog breaks down the key data protection aspects to consider when sharing personal data with the police to ensure GDPR & Data Protection Act compliance.