URM Consulting review: Cyber Essentials in 2026
A factual review of URM Consulting as a Cyber Essentials certification body - their ISO 27001-heavy consultancy reputation, pricing guidance, and where Fig Group differs on price and speed.
URM Consulting review: Cyber Essentials in 2026
URM Consulting is a UK consultancy with a strong ISO 27001 heritage and an IASME-licensed Cyber Essentials assessor practice. They are a sensible choice for organisations doing ISO 27001 alongside Cyber Essentials, or that want a consultancy-led rather than platform-led delivery. Fig Group differs on price floor, certification speed, and delivery model.
Who URM is
- Founded: 2005, Peterborough
- Reputation: ISO 27001 consultancy, information assurance, GDPR
- IASME-licensed: yes - on the IASME directory
- Scope: Cyber Essentials, CE Plus, ISO 27001 consultancy + certification support, PCI DSS, GDPR, privacy
- Model: consultancy-led, named engagements
URM's ISO 27001 depth is real; if that is your primary goal and CE is an incidental add-on, their single-supplier approach has value.
Pricing and turnaround
URM does not publish headline Cyber Essentials pricing. Consultancy-led CE typically prices in the £500–£1,000+ range depending on bundling. For current figures, see urmconsulting.com. Turnaround is engagement-based rather than hour-clocked.
Where URM makes sense
- ISO 27001 is the primary goal. Their consultancy bench is deep.
- You want a named account manager and consultant relationship.
- You are buying PCI or GDPR alongside CE.
Where Fig Group positions differently
1. £299.99 + VAT published on the Micro tier, held for all clean submissions.
2. 6-working-hour certification SLA for Micro-tier clean submissions.
3. Self-serve platform + assessor review rather than consultancy hours.
4. Verifiable IASME licence: 325cdf33-3812-4082-bf8d-7dce7ac02977 on the IASME directory.
The certificate is identical
URM and Fig both issue IASME-validated certificates. Twelve months validity. Same directory listing. Same buyer / insurer acceptance. Differences are in how you buy and how fast you get there.
When to consider Fig
- You only need Cyber Essentials (no ISO 27001 bundling)
- Budget matters - you want a published, low price
- Deadline matters - you want certification this week
Due-diligence checklist
1. IASME licence verified on the IASME directory
2. Price in writing with VAT
3. Turnaround SLA
4. Resubmission policy
5. Scope statement in writing
Bottom line
URM is a credible ISO-heavy consultancy with a valid Cyber Essentials practice. If your primary need is ISO 27001, they are a reasonable single-supplier option. If your primary need is Cyber Essentials at the lowest verifiable UK price, fast, Fig Group's Micro tier at £299.99 + VAT is a direct, published alternative.
Start Cyber Essentials with Fig - from £299.99 + VAT | All pricing tiers | Free readiness check
About the author
Jay Hopkins
Managing Director, Fig Group
Jay Hopkins is the Managing Director of Fig Group and an IASME-licensed Cyber Essentials assessor. He was previously Head of Technology for a global regulated firm. He works with UK organisations across regulated sectors on baseline compliance, supply-chain assurance, and AI-augmented security tooling.
Next step
Ready to get certified?
Get Cyber Essentials certified with Fig. Same-day certification available when you purchase before 12:00 midday. IASME-licensed with transparent pricing from £299.99 + VAT.
Related solutions