Businesses worldwide face constant challenges in countering the threat of cyber-attacks through malware, spamware, or viruses, which can cripple a business or bring it to a standstill. Today, businesses operate in e-business models, with a growing percentage of transactions made via the internet, extranets, virtual private networks, and cloud platforms. There has been a rise in cyber-attacks in such complex e-business frameworks, which has driven a need to integrate security with operational and enterprise risk management. To help organizations assess and mitigate risks, URM Consulting Services Ltd (URM) has built its reputation on delivering high-quality, tailored and cost-effective information security-related services. URM is driven first and foremost by quality, underpinned by transparency, honesty, and integrity, helping it grow organically and steadily since its inception in 2005.
Lisa Dargan, Director at URM, shared the essential highlights of URM’s critical offerings, including consultancy, auditing, penetration testing, training and supply of products.
URM delivers consultancy, auditing, and training services to organizations from all sectors and of all sizes in the areas of information security, risk management, data protection and business continuity. The company has built its reputation in delivering high quality, tailored and cost-effective services.
Through consultancy, auditing, and training services, URM’s mission is to assist organizations to achieve the optimum levels of information security, data protection, and business continuity that are commensurate with their business objectives and culture and meet international standards and legislation.
Lisa mentions that URM developed its particular niche as a governance, risk and compliance (GRC) consultancy in assisting organizations to meet the requirements of international management system standards, most notably ISO 27001, ISO 27701 and ISO 22301. These Standards are based on the Plan-Do-Check-Act (PDCA) continuous improvement model, where auditing plays a key and central role.
URM is also a specialist Payment Card Industry Qualified Security Assessor Company (PCI QSA) and a certification body assessor as part of the UK Government-backed Cyber Essentials Scheme.
URM offers a range of auditing services to help organizations comply with, and certify against, international standards such as ISO 27001, the Standard for Information Security Management. URM delivers three primary auditing services to these clients. In the first, URM acts as internal auditor for clients, delivering either the whole of an audit programme or individual audits on processes or specific controls. The second offering, Lisa added, involves URM training and upskilling appropriate individuals within the client’s organization to conduct internal audits. Typically, this is undertaken either through training or by shadowing URM’s auditor and then switching roles. The final service involves URM conducting third-party audits for clients, most typically of their suppliers.
URM has developed and delivered a 5-day Practitioner Certificate in Information Security Auditing (PCISA) course to support this. It is aimed at those seeking to enhance their auditing skills and the ability to apply a more formal approach to the planning of audits and the overall audit programme, and the execution of information security audits and audit reporting.
Apart from the general management system offerings, URM is a specialist PCI QSA, where URM’s team of qualified QSAs assesses merchants and service providers regarding payment card processing.
Another area of auditing specialism is the UK Government-backed Cyber Essentials scheme, where URM, as a certification body, assesses organizations against 5 basic cyber security control areas.
A Preferred Customer Choice
URM’s success has been founded on the expertise and the experience of their consultants. All of their consultants are subject matter experts in their chosen areas of specialism, e.g., ISO 27001, PCI DSS, SOC or Cyber Essentials. Typically, their consultants have worked in their respective fields for approximately 10 years and have garnered valuable experience working both as implementers and auditors. All hold a range of auditing qualifications such as the Certified Information Systems Auditor (CISA), ISO 27001 Lead Auditor and Payment Card Industry Qualified Security Assessor (PCI QSA).
Lisa said that apart from the technical skills, all auditors possess the interpersonal skills necessary to extract the maximum information from interviewees. URM’s auditors are also renowned for applying a pragmatic, business-based approach to conducting audits.
URM’s established and proven audit methodology analyses client requirements and ensures that all outputs produced from audits are accurate and repeatable.
Testament of Quality
“Without a doubt, URM helped us to achieve our planned objectives a lot sooner than expected. The engagement was a huge success and couldn’t have gone any better” – UK Mail
“We have been a partner with URM Consulting for many years. They offer great service and are a team of real experts in all things cyber security.” – Cambridge Support
Adapting with Changing Times
With workforces required to work from home due to the pandemic, the compliance operations sector has been forced into new ways of working. Like many auditing organizations, URM was required to adapt to the situation and deliver audits remotely using tools such as Zoom and Microsoft Teams. From a quality perspective, URM auditors’ overriding preference remains to deliver audits face-to-face, whilst acknowledging that remote audits can be effective for certain types of audits, e.g., documentation and evidential records audits or audits on cloud-based organizations.
Lisa adds, “There cannot be any substitute for being on site when conducting physical audits, witnessing processes and controls first-hand or auditing the understanding of a random selection of users.”
Strategies for Tomorrow
As industry moves towards more hybrid working patterns, URM’s strategy is focused on flexibility and responsiveness to meet changing business and client needs, and on providing value-added, quality audit services. As Lisa explains, “A number of our clients no longer have physical sites and nearly all have adopted some element of remote working. As such, it is essential our auditing services match our clients’ way of working.”
In terms of the business community, URM believes that its greatest contribution lies in its knowledge-sharing philosophy, where it offers mentoring services and a 5-day training course, which have helped raise the quality of auditing in information security.
In terms of the local and national community, URM has been an active supporter of the Trussell Trust, where it contributes requested food and non-food items to food banks nationally. URM has also been a strong supporter of Kick start apprentice schemes and recruits locally wherever it can.
Lisa reveals that URM has achieved consistent and organic growth based on its reputation for delivering high-quality and cost-effective auditing services. “Whilst we have diligently built an unrivalled reputation over 17 years, we are determined not to rest on our laurels and aspire to continue to evolve our auditing services, responding to new opportunities and further improve the quality of what we do.”