About IT Governance Ltd
IT Governance is a unique organisation.
We source, create and deliver products and services to meet the evolving IT governance needs of today's organisations, directors, managers and practitioners.
Our objective is to be the one-stop-shop for comprehensive corporate and IT governance information, advice, guidance, books, tools, training and consultancy.
We have been involved in designing, and successfully implementing, cost-effective BS 7799/ISO 27001 information security management systems since the standard was first introduced.
We write and publish extensively on IT governance subjects, including IT service management, project governance, regulation and compliance, and have evolved a range of tools for IT governance, information security and regulatory compliance practitioners, available through the online shop on this site.
We approach IT governance, regulatory compliance and information security issues from a management perspective. This means we are committed to engaging business leaders in developing and implementing information, ICT regulatory compliance and information security strategies that enable their businesses to compete effectively in the global information economy.
Information, information technology and information security is ALWAYS a business issue, never just an IT one. Top management is accountable for the organisation's information technology strategy and its deployment.
Our mission is to engage with boards and business executives of both public and private sector organisations so that they are better able to properly manage their information technology strategies to achieve strategic goals, protect and secure their intellectual capital and the company's whole market value and meet relevant corporate governance and regulatory compliance objectives.
We have great customers from around the world - see a list of some of our customers.
See what our customers are saying about our customer service.
Our unique proposition
We are business-led, not technology driven;
We speak business, not tech - we are technologically literate business managers;
We are vendor-neutral, technology-independent and framework-agnostic;
We focus on cost-effectiveness - ie we don't just do it for you!
We are a one-stop-shop with the world's most comprehensive range of GRC books, tools and training available, so that you can choose and buy whatever you need.
We practice what we preach
IT Governance has been awarded both ISO27001 and ISO9001 certification. Both of our management systems are fully-integrated with one another and will ensure information security and quality management best practices are upheld throughout the company.
Currently we are working on implementing other standards including ISO14001, ISO20000 and ISO22301.
Alan Calder, the CEO of IT Governance Ltd, has also signed up to the Information Commissioner's Office's Personal Information Promise.
Directors and Partners
Alan Calder - CEO of IT Governance
Alan is the author of "IT Governance - a Manager's Guide" and a founder director of IT Governance Ltd. Before that, he was CEO of Wide Learning, a supplier of e-learning, of Focus Central London and, before that, of Business Link London City Partners (BLLCP). He was also a member of the DTI's Information Age Competitiveness Working Group.
He was for many years a member of the DNV Certification Services Certification Committee, which certifies compliance with international standards including ISO27001/BS7799.
Alan works with a wide range of clients on IT governance and information security projects which include design, implementation and deployment of management systems and the development and writing of White Papers. He also speaks at seminars and presentations on IT governance, regulatory compliance and information security. Alan can be contacted on firstname.lastname@example.org.
Steve G Watkins - Director (Training & Consultancy) at IT Governance
Steve is co-author of the book on IT Governance, and Director of training & consultancy at IT Governance Ltd.
Steve is Chair of the ISO/IEC27001 User Group, the UK Chapter of the ISMS International User Group, and is UKAS’ ISMS Technical Expert, advising on their assessments of certification bodies offering ISO27001 accredited certification. Steve sits on the Management Committee of the British Standards Society and is an active member of a number of technical committees responsible for drafting Standards.
Steve has held posts with HM Crown Prosecution Service Inspectorate, London Underground, Focus Central London, Business Link, a large photocopier sales and service organisation and in local Government. In his various roles he has been responsible for most support disciplines.
He has over 20 years' experience of managing and consulting on integrated management systems, including Information Security, Quality, Environmental and Investor in People certifications.
As well as being a trained ISO27001 and ISO9000 lead auditor Steve is a trained EFQM Assessor and holds diplomas in safety and financial management.
Steve can be contacted on email@example.com.
The authors were responsible for the first company (BLLCP) to achieve BS 7799 registration when the standard was first promulgated in 1996. They have aided other organisations since then to implement effective information security management systems, and have been involved in the development of both the accredited certification scheme and related training standards.
IT Governance: A Managers Guide to Data Security and ISO27001/ISO 27002
Click here to read an excerpt of the book...
Below, one of the authors of this book, Alan Calder, explains his reasons for wanting to write the guide, de-mystifying the process of becoming ISO27001 compliant.
"The first was that my own experience, as a business manager attempting to deploy an effective information security management system, was that I was trespassing on forbidden territory.
I was not - and am not - an IT expert - and not only could I find nothing that would explain to me in plain English what the issues were that I needed to consider, or what the range of options was, but I was also given either no help, or the run around by the IT people that I dealt with.
The second was that I realised - and this project for me started in 1996 - that the internet would revolutionise business - not in the ways that led to the dot.com boom, but in the sense that the capitalist economy would become increasingly an information based one - and that as more and more was invested in IT hardware and software, and more and more information was stored electronically, as information became the life blood of modern enterprises, so the threats to information security would rise.
I thought that any sensible business organisation would want to do something about this and that many more business managers would need something in plain English that would help them through the detailed considerations necessary to deal strategically with information security. (You can buy IT Governance: A Managers Guide to Data Security and ISO27001/ISO27002 from us online).
I'm sure that everyone recognises the nature of the threats to information - from "fat fingers" through to cyber war - and the speed with which they have grown. However, few organisations seem to take these threats seriously.
The number of organisations that have implemented an ISO27001 compliant information security management system is still in the low tens of thousands - but there are nearly 1 million organisations that consider quality enough of a business issue to have implemented an ISO 9001 compliant quality assurance system. I think that this is a serious and significant flaw in our business infrastructure. One significant blow to an organisation's information systems could destroy it.
In the UK, the situation (at least for quoted companies) is already very clear. The Combined Code on Corporate Governance is explicit about the requirement that boards adopt a risk-based approach to management and the Turnbull report was even more explicit in setting out the steps that organisations should take to deal with identified threats. For virtually all quoted companies, there are clear business risks related to their investments in IT hardware and software, and in particular to the information stored on this infrastructure, which means that a failure to address it in the boardroom is a failure of corporate governance.
IT governance is, frankly, as important today as financial governance - and far more important to shareholders than fashionable issues like sustainability and the environment.
It is increasingly recognised, across the business, IT and financial communities, that this is the case; what is now needed is direct action by people at all levels - particularly investors and journalists, to begin insisting on transparent IT governance."
The book, which can be purchased online here, is an essential tool for managers attempting to respond to these issues.
IT Governance: Guidelines for Directors (Alan Calder, ITGP, 2005)
IT Governance Today: a Practitioner's Handbook (Alan Calder, ITGP, 2005)
IT Governance: a Manager's Guide to Data Security and ISO27001/ISO27002 - 4th edition (Alan Calder & Steve Watkins, Kogan Page, 2008)
International IT Governance: an Executive Guide to ISO17799/ISO27001 (Alan Calder & Steve Watkins, Kogan Page, 2006)
Information Security based on ISO27001/ISO17799: a Management Guide (Alan Calder, van Haren, 2009)
Implementing Information Security based on ISO27001/ISO17799: a Management Guide (Alan Calder, van Haren, 2009)
Nine Steps to Success: an ISO27001 Implementation Overview (Alan Calder, ITGP, 2005)
The Case for ISO27001 (Alan Calder, ITGP, 2005)
Corporate Governance: A Guide to the Laws, Frameworks and Standards
IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT