InfoSec Insider

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.

Listen on:

  • Apple Podcasts
  • YouTube
  • Podbean App
  • Spotify

Episodes

Thursday Oct 31, 2024

In this episode of InfoSec Insider, Stuart Moran, Senior Consultant at URM, explores the addition of climate change considerations to 31 management system standards by the International Standards Organization (ISO) and the International Accreditation Forum (IAF). Stuart draws upon more than 20 years of experience working with a wide range of ISO management system standards to discuss:

  • What the ISO/IAF climate change amendment is
  • How different industries might face unique challenges in integrating climate change considerations into their existing ISO management systems
  • How you can leverage technology to enhance your climate change conformance efforts, considering the increased focus on AI and cloud services in ISO standards
  • The future trends to anticipate given the evolving landscape of climate change regulations, and how you can prepare to adapt your management systems accordingly.

Learn more about this topic: https://www.urmconsulting.com/blog/iso-and-iaf-add-climate-change-considerations-to-31-management-systems-standards

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Top Tips for GDPR Compliance

Thursday Oct 24, 2024

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Data Protection Consultant at URM, provides some hints and tips on how to achieve and maintain compliance with the General Data Protection Regulation (GDPR), with a particular focus on the key documentation organisations need to have in place to comply. Stuart leverages over 25 years of experience to discuss:

  • The importance of maintaining documented evidence of your GDPR compliance under the ‘accountability’ principle
  • Some of the key compliance documentation you need to produce, including records of processing activities (RoPAs), data protection impact assessments (DPIAs), privacy notices and personal data retention policies
  • What information you will need to include in these documents
  • When these documents are mandatory and whether any organisations are exempt from producing them.

Learn more about this topic: https://www.urmconsulting.com/blog/10-top-tips-for-achieving-gdpr-compliance

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Common Pitfalls with ISO 27001

Thursday Oct 17, 2024

In this episode of InfoSec Insider, Frazer Grudgings, Senior Consultant at URM, highlights the common pitfalls and mistakes he frequently sees organisations make when implementing ISO 27001, and explores the steps you can take to avoid these pitfalls. Frazer draws upon his 15+ years of experience assisting organisations to implement ISO 27001 to discuss:

  • The most common mistakes made and challenges faced by organisations implementing ISO 27001
  • How to avoid making these mistakes and ensure your ISO 27001 implementation and certification process is as smooth and seamless as possible
  • Where you can look for help and support with your ISO 27001 implementation, both within your organisation and externally.

Learn more about this topic: https://www.urmconsulting.com/blog/common-pitfalls-identified-in-organisations-seeking-iso-27001-certification

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Facial Recognition Technology

Thursday Oct 10, 2024

In this episode of InfoSec Insider – Talk DP, Martin Brazier, Senior Consultant at URM, explores the key challenges of and considerations for maintaining data protection compliance when using facial recognition technology (FRT). Martin leverages his 20+ years of specialism in information management and data protection to discuss:

  • The different types of FRT and what they are used for
  • Real-world examples of FRT deployments by organisations, and of an organisation facing enforcement action for a noncompliant FRT deployment
  • The challenges associated with using facial recognition technology for organisations that need to comply with the General Data Protection Regulation (GDPR)
  • How you can ensure that your use of FRT is GDPR compliant.

Learn more about this topic: https://www.urmconsulting.com/blog/facial-recognition-technology-and-data-protection-compliance

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

ISO 9001 Implementation

Thursday Oct 03, 2024

In this episode of InfoSec Insider, Sue West, one of URM’s Senior Consultants, breaks down 2 of her ‘golden rules’ for successful implementation of ISO 9001, the International Standard for Quality Management Systems (QMSs). Sue leverages more than 25 years of experience establishing, managing and auditing QMSs to provide key insights on:

  • The meaning of top management ‘leadership and commitment’ in the context of ISO 9001, and why it is important to the success of an ISO 9001 implementation project
  • How management can effectively demonstrate leadership and commitment to the QMS when implementing ISO 9001
  • The importance of ensuring that the QMS is tailored to the organisation and its operations
  • What the ‘Process Approach’ means and how it can be used to build an effective, ISO 9001-conformant QMS.

Learn more about this topic: https://www.urmconsulting.com/blog/5-golden-rules-for-implementing-iso-9001

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Sep 26, 2024

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, provides a breakdown and analysis of the enforcement actions delivered since the beginning of 2023 by the Information Commissioner’s Office (ICO), the UK’s privacy regulator, to highlight emerging trends and lessons that can be learned from how the ICO enforces data protection legislation such as the UK General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR). Stuart leverages his 25+ years of specialisation in data protection law to discuss:

  • The differences between the enforcement actions that are available to the ICO, i.e., Enforcement Notices, Reprimands, and Monetary Penalties
  • The ICO’s enforcement activities in 2023 – the number of fines compared to reprimands, and the sums of money involved
  • The ICO’s enforcement activities in the first half of 2024 and how they compare to the same period in 2023
  • Trends that can be observed in the ICO’s enforcement activities and the ICO’s approach to issuing fines vs. reprimands
  • How the ICO’s use of monetary penalties compares to its European counterparts.

Learn more about this topic:
https://www.urmconsulting.com/blog/analysis-of-fines-imposed-by-the-information-commissioners-office-in-2023
https://www.urmconsulting.com/blog/ico-enforcement-action-january-june-2024

If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Sep 19, 2024

In this episode of InfoSec Insider, Alastair Stewart, Payment Card Industry Qualified Security Assessor (PCI QSA) and Senior Consultant at URM, explores some of the new requirements for e-commerce pages in version 4.0 of the PCI Data Security Standard (PCI DSS), providing valuable advice and guidance on what organisations can do to remain PCI DSS compliant as they transition to v4.0. Alastair leverages his 10+ years of experience assisting organisations to comply with the PCI DSS to discuss:

  • What the new requirements are for e-commerce pages in PCI DSS v4.0
  • How organisations can go about meeting the new requirements
  • Which organisations the new requirements for e-commerce pages will and will not be applicable to
  • How challenging it will be for organisations to meet the new requirements
  • Why the new requirements have been introduced
  • Which of the new requirements for e-commerce pages have been added to the self-assessment questionnaires (SAQs), and which SAQs they have been added to.

Learn more about this topic: https://www.urmconsulting.com/blog/what-are-the-key-new-requirements-with-pci-dss-4-0

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Sep 12, 2024

In this episode of InfoSec Insider – Talk DP, Rachael Salter, Senior Data Protection Consultant at URM, discusses organisations’ obligations under the General Data Protection Regulation (GDPR) when fulfilling data subject access requests (DSARs) and the challenges associated with processing these requests. Rachael leverages her 10+ years of experience working in data protection compliance to provide advice and guidance on:

  • What a DSAR is and how to recognise one
  • When organisations are required to redact information from the personal data provided to the data subject
  • When organisations can refuse to process a DSAR, and what ‘manifestly unfounded or excessive’ means in practice.

Learn more about this topic: https://www.urmconsulting.com/blog/everything-you-need-to-know-about-dsars

If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Thursday Sep 05, 2024

In this episode of InfoSec Insider, Wayne Armstrong, Senior Information Security Consultant at URM, discusses the Certificate in Information Security Management Principles (CISMP), a BCS-managed, foundation-level information security qualification. Drawing upon his 30+ years’ experience in IT, information security and risk management, Wayne discusses:

  • What the CISMP is
  • What is covered in the CISMP curriculum
  • Who the CISMP is for, and the benefits they could reap from sitting a CISMP course/exam.

Learn more about this topic: https://www.urmconsulting.com/blog/a-guide-to-the-certificate-in-information-security-management-principles-cismp

If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

GDPR Back to Basics

Thursday Aug 29, 2024

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, takes us ‘back to basics’ with the General Data Protection Regulation (GDPR), breaking down the key data protection concepts and terminology you will need to understand if you want to achieve and maintain compliance with the GDPR. Stuart leverages his 25+ years of specialisation in data protection law to discuss:

  • What counts as ‘processing’ and ‘personal data’, and who counts as a ‘data subject’ under the GDPR
  • The definition of ‘special category personal data’, and how the requirements for processing this type of data differ
  • ‘Data processors’ and ‘data controllers’ – what they are, and the differences between the GDPR requirements for these two types of entities
  • What ‘cookies’ are and how they are relevant to the GDPR.

Learn more about this topic: https://www.urmconsulting.com/blog/gdpr-back-to-basics

If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.

Copyright 2024 URM Consulting. All rights reserved.