Top Tips

  • Data transfer, GDPR, data protection, information security, infosec, infosecurity

    Data Transfer – Are Standard Contractual Clauses Sufficient?

    Are Standard Contractual Clauses Sufficient? This week’s top tip looks at a very specific area of GDPR, Article 28 to be precise, and data transfer outside of the EEA. One of the ways in which you can legitimise an ex-EEA data transfer is by using the standard contractual clauses (SCCs). Article 28 mandates […]

  • Quick and simple BC exercises, practical advice with regard to business continuity, ISO 22301 (ISO international standard), top tip

    Tips from URM – Quick and simple BC exercises

    In a previous blog we looked at the different types of exercise you can utilise to validate your business continuity approach. This week’s top tip focuses on the desk check and facilitated discussion. At the simplest level, within any good business continuity (BC) exercise programme, lie the following two types of exercise: A […]

  • ICO fines BA £183m: fines can be levied for administrative and governance failures, not just data security breaches. Are you doing enough in reviewing and implementing appropriate information security and privacy management controls to limit the potential impact to your organisation?

    Tips from URM – Reviewing and Implementing Management Controls

    ICO fines BA £183m. There are enough articles out there regurgitating the news about the BA data breach, which we aren’t going to repeat. For us the message is simple, and let’s make no bones about it: the Commissioner has enhanced powers under DPA 18/GDPR and clearly intends to use them. Prior to this […]

  • Data Protection – What is the current focus?

    This week’s top tip focuses on data protection and the value of the information you can find on the Information Commissioner’s Office (ICO) website. There is a wealth of information available on the ICO’s website; however, probably one of the most visited areas is ‘Action We’ve Taken’. In particular, the enforcement notices, audits, advisory […]

  • Latest recovery disaster, expect the unexpected, business continuity, Thames Water, South American power cut, floods, ISO 22301

    Tips from URM | Expect the Unexpected – But have you Planned for the Unexpected?

    Have you Planned for the Unexpected? This week’s top tip reflects on the prevalent theme of ‘uncertainty’. Whether it be the general backdrop of political uncertainty that has dominated our lives since 23 June 2016, the vexing Tory leadership race as we wait to see who will be our next Prime Minister, or the […]

  • Cyber / Information Security / Business Continuity Management – Continuous Improvement, What next?

    Continuous Improvement, What next? This week’s top tip focuses on where to seek information and highlights a recently released report which contains useful and valuable information. A fundamental expectation of all ‘best practice’ ISO management systems is the requirement for a programme of continuous improvement. There is often a danger within all organisations that programmes […]

  • PCI DSS – top five areas where URM sees organisations failing to implement PCI DSS requirements into their BAU processes

    Tips from URM – PCI DSS compliance as BAU

    PCI DSS compliance as BAU (Business As Usual). For an organisation to achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS), the Payment Card Industry Security Standards Council (PCI SSC) encourages organisations to build security into their business as usual (BAU) processes. From URM’s own experience this is especially true […]

  • Article where we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI DSS) places around the protection of cardholder data (CHD) and sensitive authentication data (SAD)

    Tips from URM – PCI DSS | What are the requirements for protecting CHD and SAD?

    This is one of our ‘back to basics’ articles, where we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI DSS) places around the protection of cardholder data (CHD) and sensitive authentication data (SAD) in particular. Bit of a recap first. The PCI DSS is an information security standard for organisations […]

  • Top tips from URM about Password Management and Compensating Controls

    Tips from URM – Password Management and Compensating Controls

    Section 8.2.4 of the PCI DSS v3.2.1 specifies that passwords must be changed at least once every 90 days. In our day-to-day PCI DSS consultancy work, we are frequently asked whether there is any flexibility in extending the period when passwords need to be changed and whether ‘compensating controls’ can be used. The argument often […]

  • Tips from URM – Scope

    One area we are often questioned about is scope. How do you identify and then manage your scope? This week’s tip focuses on just that! When you are looking at the processes associated with managing the security of your organisation’s information assets, there are a number of occasions where you will need to consider the […]