This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here

Jump to navigation

Certification Consultancy

What we do, and why you should choose our services

The IT Governance Professional Services team has worked with organisations of all sizes, from the smallest SMEs to global enterprises, helping to apply management system standards for many years. We have consulted on many successful compliance and cultural change projects, with an impressive track record of more than 100 clients successfully certificated to ISO27001 alone. Our team is one of the most experienced in the UK, having worked on projects in a wide range of both public and private sector organisations covering a wide variety of market sectors/segments.

Flexible service package

We will provide you with the level of support that you require, in the context of the resource and project plan we have agreed with you. This is true whether you seek a certification to international standards based on the findings of an initial scoping project, or whether your aim is to follow best practice, or simply become ‘compliant. We recognise that no two situations are identical; therefore, we tailor our services and solutions to meet your needs.

Risk management

Risk assessment is the core competence of modern business. In line with the UK Corporate Governance requirements (Basel II and III, ISO31000, ISO27001, and OCTAVE), we help you to formalise and structure your approach to strategic and operational risk, fully incorporating cybersecurity into the picture. Our unique approach takes into account the complex competitive, regulatory and environmental factors that affect the achievement of strategic goals. Our services can include the development of a corporate risk log, and risk assessment through to the production of formal risk treatment plans and review processes.

Achieving certification

How long will it take to achieve certification? In the early days of a new certification scheme, it can take up to 18 months to achieve certification. When a scheme has matured, the norm reduces to around 6 to 9 months, and in some cases it’s less than that. IT Governance is particularly experienced in accelerating accredited certification projects. We can provide ‘Letters of Assurance’ for clients that need to demonstrate to clients they are on track to complete on time.
We used IT Governance during our project and you really learn a lot from a few days’ consultancy. They will steer you in the right direction.’ James Ellis, IT Administrator, Pindar Plc

Ongoing support

IT Governance believes that serving you well means helping you to develop the skills and knowledge necessary to run your own management systems and compliance programmes. Our clear focus is, therefore, on helping you develop your skills and confidence. Through our empowering value-for-money approach, you can encourage and enable your people to take ownership of the management system and use it to improve performance across the organisation.

Single source

You and your lead IT Governance consultant will have access to the comprehensive and integrated resources of IT Governance, to ensure a successful project. These include:
  • Risk management expertise

  • Technical information security expertise

  • Trainers (practitioners) and training courses (see our training pages)

  • Books and tools available through our on-line shop

  • Recruitment support for IT governance related posts

How much will it cost to get certification?

This depends on your timescales, where certification sits in comparison to other objectives, the existing stance of the organisation and how you choose to resource the project. Why not contact us to talk through some of the issues so we can give you a response tailored to your particular scenario?

We’re agile!

We can help you start a project within days of our first contact, and complete it well within your target dates, as our clients will tell you!
I would have no hesitation in recommending IT Governance to others. The main advantage was their flexibility. IT Governance tailored their services, to our specific needs.’ Paul Berry, Senior Project Manager, Martin Dawes Solutions

Frequently Asked Questions

Does IT Governance have experience of working with organisations in our sector?

Through our qualified advisers and mentors, we support a diverse selection of projects and clients. The IT Governance Professional Services team has worked with organisations of all sizes, from the smallest SMEs to global enterprises, helping to apply management system standards for many years. Our trusted advisers have consulted on many successful compliance and cultural change projects, with an impressive track record of more than 100 clients successfully certificated to ISO27001 alone.
Our team is one of the most experienced in the UK, having worked on projects in a wide range of both public and private sector organisations covering a wide variety of market sectors/segments - ask our trained advisers to learn more about our work.

How can we be assured that your consultants are competent and able to tackle our project?

We only employ highly-qualified and experienced consultants with an extensive track record in successfully delivering projects across a range of international standards and contractual compliance disciplines.


Which certification/registration body do you recommend?

IT Governance does not have a preferred certification body, and we leave it to our clients to decide. We believe (and all the evidence suggests) that our advice and approach stand up to the most rigorous, independent, scrutiny in the standards compliance market. We strongly recommend that you only use certification bodies that are accredited by the relevant National Accreditation Body, for example: UKAS or equivalent, as indicated by their membership of the IAF, (International Accreditation Forum). Whilst we are certainly able to manage your relationship with your Certification Body (CB), we believe that this is best left to you. However, we do advise on criteria that you might want to consider when deciding which CB to appoint.
IT Governance is widely recognised amongst UKAS accredited certification bodies as a leading consultancy organisation and is listed by the following:
  • BSI Management Systems UK Associate Consultant Programme
  • Bureau Veritas Certification approved list for the implementation and management of ISO27001 and ISO20000 (IT Service Management standard)
  • ISOQAR consultant database
  • Lloyds Register Quality Assurance (LRQA) Consultant Network
  • NQA Associate Consultant Register
Clients of IT Governance have used the following UKAS (or equivalent) accredited certification bodies: ACS, AJA Registrars, BSI, Bureau Veritas, Certification Europe, Certification International, Det Norske Veritas, ISOQAR, LRQA, NQA, and SGS.
Over and above their professional competences, each member of our team has a specialised area of expertise that has enabled them to establish a well-respected stature within their field. Where required, we will happily provide CVs for the consultant who will work on your project.

In addition to the list of clients that can be seen on our website, we also publish a number of case studies, which we would be happy discuss with you.

Can you provide references?

Yes, of course! How many would you like?

How complete is your service?

The IT Governance philosophy is to maximise the amount of knowledge transferred from us to you, ensuring that your in-house resources are capable of maintaining the arrangements or management system without the need for further external intervention. This mentoring approach relates closely with our principle of empowering you to manage your systems yourself.
We turned to IT Governance as they had the expertise and experience of helping organisations comply before and so took the stress away, allowing us to concentrate on other things.’ Anil Pitalia, CEO of SpaMedica

How do you make sure the project delivers on time and to objective?

At IT Governance, we agree a project plan and timeline with you from the outset. We also try to ensure that you have the same consultant throughout the project. We have a full support team behind every consultancy project taking place in the field, and, their job includes supporting the lead consultant to ensure: 
  • Timely delivery; we make absolutely sure that your project delivers on time.

  • Personalised service; your assigned consultant is available when required by your project.

  • Active management; our processes and records minimise disruption to your experience of our service.
We manage our resources efficiently and effectively – putting you at the centre of our planning and delivery. Of course, it also means that you can speak to a member of your consultancy team at any time, without the need to wait for your consultant to get back in touch with you.

How do we get help when your consultants are not on site?

As a client of IT Governance you have telephone and email access to us 365 days a year, with responses being provided within hours rather than days. We will always be there to assist you.

What other costs should we budget for in our project?

There are no hidden costs. Our project proposal identifies everything that you will need to do, or purchase, in order to successfully prepare for certification.

In order to achieve certification, you will have to:

  • Read and understand the standard – the essential starting point.
  • Work with our consultant to identify the gaps between your current systems and those required by the standard.
  • Put in place the policies, procedures and controls that we outline in our detailed proposal.
With the help of our consultants, you will meet all the requirements in the shortest possible time. It’s that simple!
Our position is one of vendor neutrality; however, we will make recommendations on products and services if asked to do so. 

What support do you provide following certification?

IT Governance believes that for a consultancy service to deliver real value for money, it needs to transfer the knowledge and tools to maintain and develop the system your business needs. This means that our clients rarely have need for further support in relation to the service provided.
Of course some of our clients want us to remain involved; running their internal ISMS audit programme for them for example, and we are naturally more the happy to provide such arrangements.
We also provide FastTrack consultancy packages where we take on the majority of the work for a fixed fee.
We are always interested in knowing how our previous clients are getting on, and we are happy to answer any queries we receive from them. Then there are the more significant queries such as, bringing two management systems together for one organisation following a merger or acquisition.
We practise what we preach. The company’s ISMS has achieved accredited certification to ISO/IEC 27001.
Telephone our advisers to discuss your project requirements and arrange time with our consultants.

It could be one of the best decisions you ever make!

0845 070 1750
+44 (0) 845 070 1750
live chat support software