About IT Governance Ltd
IT Governance is a unique organisation.
We source, create and deliver products and services to meet the real-world, evolving IT governance needs of today's organizations, directors, managers and practitioners. Our objective is to make this site the one-stop-shop for comprehensive corporate and IT governance information, advice, guidance, books, tools, training and consultancy.
We have been involved in designing, and successfully implementing, cost-effective BS 7799/ISO 27001 information security management systems since the standard was first promulgated. We write and publish extensively on IT governance subjects, including IT service management, project governance, regulation and compliance, and have evolved a range of leading-edge tools for IT governance, information security and regulatory compliance practitioners, available through the online shop on this site.
We approach IT governance, regulatory compliance and information security issues from a management perspective and are committed to engaging business leaders in developing and implementing information, ICT regulatory compliance and information security strategies that enable their businesses to compete effectively in the global information economy.
Vision:
Information, information technology and information security is ALWAYS a business issue, never just an IT one. Top management is accountable for the organization's information technology strategy and its deployment.
Mission:
Our mission is to engage and support Boards and business executives of both public and private sector organizations so that they are better able to properly manage their information technology strategies to achieve strategic goals, protect and secure their intellectual capital and the company's whole market value and meet relevant corporate governance and regulatory compliance objectives.
We have great customers from around the world - see a list of some of our great customers
What our customers think:
"That's fantastic, I had originally ordered the book through Amazon and it was a 2 month wait time so this is fantastic. I will certainly use you for all publications that I can."
"You are god sent, Thanks a lot. that will really help. I highly appreciate the efforts you have taken to complete the order. I have not experienced such customer service for a long time."
"Fast, speedy response to my needs"
"Goods arrived swiftly and well packaged"
"Excellent customer service"
"Impressive customer service, thanks for caretaking the order"
"I think your site is excellent in identifying the products which are available, relevant to ITIL / ISO20000. It also provides some useful information about the products to help choose the appropriate one. I'll definitely be back..."
Our unique proposition
We speak business, not tech - we are technologically literate business managers;
We are vendor-neutral, technology-independent and framework-agnostic;
We focus on cost-effectiveness - ie we don't just do it for you!
We are a one-stop-shop with the world's most comprehensive range of GRC books, tools and training available, so that you can choose and buy whatever you need.
Directors and Partners
Alan Calder - author of "IT Governance - a Manager's Guide", is a founder director of IT Governance Ltd. Before that, he was CEO of Wide Learning, a supplier of e-learning, of Focus Central London and, before that, of Business Link London City Partners (BLLCP). He was also a member of the DTI's Information Age Competitiveness Working Group. He was for many years a member of the DNV Certification Services Certification Committee, which certifies compliance with international standards including ISO27001/BS7799.
Alan works with a wide range of clients on IT governance and information security projects which include design, implementation and deployment of management systems and the development and writing of White Papers. He also speaks at seminars and presentations on IT governance, regulatory compliance and information security. Alan can be contacted on acalder@itgovernance.co.uk.
Steve Watkins - Steve is co-author of the book on IT Governance, and provides consultant and training services for IT Governance Limited.
Steve has held posts with HM Crown Prosecution Service Inspectorate, London Underground, Focus Central London, Business Link, a large photocopier sales and service organization and in local Government. In his various roles he has been responsible for most support disciplines. He has over 17 years' experience of managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications. As well as being a trained ISO27001 and ISO9000 auditor Steve is a trained EFQM Assessor and holds diplomas in safety and financial management.
He is Chair of the ISO/IEC27001 User Group, the UK Chapter of the ISMS International User Group, and also sits on the Management Committee of the British Standards Society where he chairs the Corporate Governance Group. Steve can be contacted on swatkins@itgovernance.co.uk.
The authors were responsible for the first company (BLLCP) to achieve BS 7799 registration when the standard was first promulgated in 1996. They have aided other organizations since then to implement effective information security management systems, and have been involved in the development of both the accredited certification scheme and related training standards.
Bibliography
IT Governance: Guidelines for Directors (Alan Calder, ITGP, 2005)
IT Governance Today: a Practitioner's Handbook (Alan Calder, ITGP, 2005)
IT Governance: a Manager's Guide to Data Security and BS7799/ISO17799 - 3rd edition (Alan Calder & Steve Watkins, Kogan Page, 2005)
International IT Governance: an Executive Guide to ISO17799/ISO27001 (Alan Calder & Steve Watkins, Kogan Page, 2006)
A Business Guide to Information Security (Alan Calder, Kogan Page - published in association with the Institute of Directors, 2005)
Information Security based on ISO27001/ISO17799: a Management Guide (Alan Calder, van Haren, 2006)
Implementing Information Security based on ISO27001/ISO17799: a Management Guide (Alan Calder, van Haren, 2006)
Nine Steps to Success: an ISO27001 Implementation Overview (Alan Calder, ITGP, 2005)
The Case for ISO27001 (Alan Calder, ITGP, 2005)
Forthcoming publications:
Corporate Governance: an Integrated Approach to Risk Management (Kogan Page, 2007)
The 21st Century IT Management System: Integrating ISO27001 and ISO20000 based on ITIL (BSI, 2007)
IT Governance: A Managers Guide to Data Security and BS 7799/ISO 17799
One of the authors, Alan Calder, says: "this is THE book on information security governance". We wrote it for two reasons:
The first was that my own experience, as a business manager attempting to deploy an effective information security management system, was that I was trespassing on forbidden territory. I was not - and am not - an IT expert - and not only could I find nothing that would explain to me in plain English what the issues were that I needed to consider, or what the range of options was, but I was also given either no help, or the run around by the IT people that I dealt with.
The second was that I realised - and this project for me started in 1996 - that the internet would revolutionise business - not in the ways that led to the dot.com boom, but in the sense that the capitalist economy would become increasingly an information based one - and that as more and more was invested in IT hardware and software, and more and more information was stored electronically, as information became the life blood of modern enterprises, so the threats to information security would rise. I thought that any sensible business organisation would want to do something about this and that many more business managers would need something in plain English that would help them through the detailed considerations necessary to deal strategically with information security. (You can buy IT Governance: A Managers Guide to Data Security and BS 7799/ISO 17799 from us online.
I'm sure that everyone recognises the nature of the threats to information - from "fat fingers" through to cyber war - and the speed with which they have grown. However, few organisations seem to take these threats seriously. The number of organisation s that have implemented a BS 7799 compliant information security management system is still in the low double figures - but there are 200,000 or more organisations that consider quality enough of a business issue to have implemented an ISO 9000 compliant quality assurance system. I think that this is a serious and significant flaw in our business infrastructure. One significant blow to an organisation's information systems could destroy it.
In the UK, the situation (at least for quoted companies) is already very clear. The Combined Code on Corporate Governance is explicit about the requirement that boards adopt a risk-based approach to management and the Turnbull report was even more explicit in setting out the steps that organisations should take to deal with identified threats. For virtually all quoted companies, there are clear business risks related to their investments in IT hardware and software, and in particular to the information stored on this infrastructure, which means that a failure to address it in the boardroom is a failure of corporate governance. IT governance is, frankly, as important today as financial governance - and far more important to shareholders than fashionable issues like sustainability and the environment.
It is increasingly recognised, across the business, IT and financial communities, that this is the case; what is now needed is direct action by people at all levels - particularly investors and journalists, to begin insisting on transparent IT governance.
The book, which can be purchased online here, is an essential tool for managers
attempting to respond to these issues.
