Latest News

  • Tips from URM – Scope

    One area we are often questioned about is scope.  How do you identify and then manage your scope?  This week’s tip focuses on just that! When you are looking at the processes associated with managing the security of your organisation’s information assets, there are a number of occasions where you will need to consider the […]

  • Tips From URM – Management Commitment

    In previous blogs, we have tackled a number of fundamental ISO 27001 components.  One of the most significant is management commitment and this week’s top tip will look at just that. Commitment from your leadership team is absolutely crucial to managing information security within your organisation.  In just the same way as pretty much any […]

  • Tips from URM – Information Assets – Part 2

    Our top tip last week focussed on a question which often crops up, ‘How do we approach asset identification within our information security risk assessment?’.  As we pointed out, there are 2 aspects to this question; ‘which assets do we include?’ and ‘how granular do we make the list?’.  This week’s top tip examines which […]

  • Tips From URM – Information Asset Granularity

    A question which comes up time and time again is ‘How do I approach asset identification within my information security risk assessment’.  Typically, this question is twofold; which assets to include and the depth or granularity.  This week’s top tip will look at granularity. In short, stay high level where possible.  Your goal, through the […]

  • Tips from URM – Understanding competence requirements

    Having assisted just short of 200 organisations to achieve ISO 27001 certification, we are often asked what we consider to be the critical steps or building blocks when implementing an effective information security management system. Whenever we respond to the question, part of our answer is always “ensure you have the appropriate resources in place.” […]

  • Tips from URM – Three tips to help you simplify your risk management process

    A key role of risk management is helping organisations decide how limited resources can be most effectively used to address the most pressing business issues, e.g. threats to information security.  Where current resources are insufficient, risk management can help management decide on what extra budget or resources (including seeking help from third-party specialists) are required.  […]

  • Tips from URM – How can I demonstrate GDPR compliance?

    The easy way (if it was available!) would be to certify to an approved GDPR certification scheme.  The EU has stated that ‘Member states, supervisory authorities (such as the Information Commissioner’s Office in the UK), the European Data Protection Board (EDPB) and the Commission will promote certification as a means to enhance transparency and compliance […]

  • Tips from URM – Impact of Legislation/Regulation on your approach to risk

    Last year, we saw a significant advance in legislation/regulation surrounding data privacy and protection, (e.g. the GDPR and DPA 18) and cyber security, (e.g. the EU Network and Information Systems (NIS) directive). The new legislation will, undoubtedly, have an impact on your risk tolerance and balancing your ‘position’ against the impact of such legislation/regulation will […]

  • PCI DSS V4.0 is on its way

    So, PCI DSS v4.0 has started its development journey and is expected to be released sometime late 2020. The actual release date will largely depend on the feedback received during the development review process. So what is the development process? From 6 September to 15 November 2017 (yes 2017!!!), the PCI Security Standards Council offered […]