URM Consulting Services Limited (URM) is dedicated to providing high quality, cost-effective and tailored consultancy and training in the areas of information security, data protection, business continuity and risk management.

URM's mission, through our consultancy and training services and our risk management software, is to assist you achieve the levels of information security, data protection and business continuity which are commensurate with the objectives and culture of your organisation and which also meet international standards, regulations and legislation.

With our risk-based and pragmatic approach and knowledge transfer philosophy, URM's goal is to work with you to ensure any implementation reflects your organisation, is understood and sustainable.

URM's team of information security, data protection, risk management and business continuity consultants consists of some of the most skilled practitioners in the UK, each with extensive implementation experience.

Risk management is the cornerstone of any information security or business continuity management system and, since 2002, URM has been developing and refining its risk assessment methodologies and processes to address the requirements of international standards.

Our suite of purpose-designed risk assessment software products (Abriska®) can help you not only satisfy the requirements of ISO 27001 and ISO 22301, but enable you to make better-informed decisions as to which information security, data protection or business continuity measures to implement.

URM is highly experienced at assisting organisations comply, or certify, with the ISO 27001 and ISO 22301 Standards (having assisted over 300 organisations achieve and maintain these Standards).

URM is also a Payment Card Industry Qualified Security Assessor (PCI QSA) which means that it has been certified by the PCI Security Standards Council (PCI SSC) to assess organisations' compliance to PCI DSS. Data protection is another niche skill and our experienced consultants can advise how best to comply with the UK and European legislation.

Brief History

Starting as an information security division within Ultima Business Solutions (Ultima) in 2002, URM was established as a separate legal entity, Ultima Risk Management Ltd, three years later in July 2005.

Having grown steadily and organically, and established itself as one of UK’s leading consultancy and training providers in the areas of information security, data protection, business continuity and risk management, URM changed its name from Ultima Risk Management Limited to URM Consulting Services Limited (URM) in August 2019.

The reason for the name change was to more closely align its registered name with its trading/brand name of URM. The legal entity remains the same.


URM is Certified to:
ISO 27001:2013 (certificate IS 536976)
ISO 22301:2012 (certificate BCMS 594364)
Cyber Essentials (certificate IASME-CE-014362)
Cyber Essentials Plus (certificate IASME-CEP-003133)

Office working hours
Contact information