Technical Services

IT Governance is the one-stop-shop for IT professionals seeking a comprehensive collection of information and products relating to the fields of IT governance, risk management, compliance and information security.

We are industry leaders when it comes to the breadth of our product offering, with books, training, eLearning and consultancy.

We also offer a growing range of technical services:

Download our technical services brochure.

Your systems need to be secured against unauthorised access – whether deliberate and malicious, or accidental. Our highly-trained and experienced staff are ideally placed to assess your organisation’s information security processes and infrastructure.

PCI DSS Consultancy Services

Our status as an approved QSA company underpins our range of PCI DSS consultancy services, which include scoping, gap analysis, remediation support and audit. IT Governance Ltd is therefore able to provide the full range of PCI QSA services.

Click here for more information or Email us or call +44 (0) 845 070 1750.
 

In our capacity as an approved QSA company, our principal role is to ensure that an organisation is fully compliant with the requirements specified in the Payment Card Industry Data Security Standard. All Qualified Security Assessor (QSA) companies must comply with and adhere to a number of rigorous business and technical requirements as specified by the PCI SSC.



IT Health Check

We can offer complete IT Health Checks designed to offer a complete view of your system’s strengths and vulnerabilities from a completely unbiased, expert perspective. Entirely customised to your needs, your company’s activity and your company’s size, the IT Health Check is a ‘must’ for any organisation.

Find out more here.

Penetration Testing

Penetration testing (or ‘Pen Testing’) is a process whereby an expert ‘ethical hacker’ seeks to gain access to your systems, revealing areas of weakness and making suggestions for improvements.

We are able to offer Black Box (‘blind’) tests, White Box (‘full disclosure’) tests, or something in between, bespoke to your requirements. We are able to extend this test to web applications and WLANs, with special prices available for annual contracts.

As a CREST member company, IT Governance has been verified as meeting the rigorous standards mandated by CREST. Clients can rest assured in the knowledge that the work will be carried out to rigorous standards by qualified and knowledgeable individuals.

Click here for more.

ASV Scanning

IT Governance Technical and Security Testing Services

Why use ITG Security Testing?

All projects commissioned to ITG Security Testing are undertaken by in-house qualified pen testers who are passionate about their job and delivering the best possible results. Moreover, as part of IT Governance Ltd, ITG Security Testing can draw on a wider expertise and meet any client’s requirements that go beyond pen testing.

In summary, you should choose us because:

  • we are a CREST member, meaning that we meet the rigorous standards mandated by CREST;
  • we possess information security expertise which comes from our long-standing involvement in pen testing, PCI-DSS and ISO27001-compliance projects;
  • our pen testers are fully qualified and experienced, and have been subject to extensive CV and other regularly conducted internal checks;
  • we use best-practice methodology (our security testing service is delivered in line with the best-practice OSSTMM methodology, developed and published by ISECOM).

Types of Security Testing Services

IT Governance offers the following types of security assessments, testing and technical services, in addition to the IT Governance penetration tests:

Software Penetration Tests

What is a Software Test?

In the same way that the network infrastructure needs testing to audit its security defences, software requires testing. Whether it is an application, operating system, web application or mobile application, the code can contain errors that allow malicious users to affect the security of the organisation’s assets.

What is the difference between a software penetration test and a software vulnerability assessment?

A software penetration test will attempt to exploit the identified vulnerabilities using the same tools and techniques as an attacker in order to gain access to or ownership of the application. A vulnerability assessment identifies the attack surface area and security posture of an organisation.

When do you need a Software Test?

After social engineering, attacks on software are the next serious threat to the security of an organisation. Software attacks can affect the confidentiality, integrity and availability of services and the data they rely on.

What exactly can you expect from a Software Test?

  • Consultation
  • Scoping
  • Reporting

Please note: Software testing does not include code review, which is a separately billable service.

Security Audits

What is a Security Audit?

A security audit is a service offered where IT Governance conducts a security review of a product – either a hardware or software product. The review focuses on the security aspects of the product and produces a report outlining how the product’s security profile matches requirements. This service covers:

  • Build reviews
  • Application reviews

When do you need a Security Audit?

A Security Audit is recommended when you are considering purchasing a new product, or prior to rollout of a new service or product. In particular, a Build Review would be conducted for a new build of a server or workstation prior to the installation being cloned as a gold template for rollout across an organisation.

What exactly can you expect from a Security Audit?

  • Consultation with the client
  • Scoping of your requirements
  • Testing and reporting

Please note: This is not a fixed-price service and is dependent on the scope, which will be agreed in consultation with the client. The review can include all common operating systems.

Cookies Audits

What is a Cookies Audit?

A cookies audit is an examination of your organisation’s website that identifies all cookies and other mechanisms of retaining visitors’ information in order to determine whether the site complies with the Privacy and Communications Regulations.

When do you need a Cookies Audit?

A cookies audit should be undertaken on any UK and EU website to ensure it complies with EU and UK regulations covering identification of visitors to a website. The audit should be conducted after changes and updates to ensure new cookies not covered by previous audits are identified and added to the site’s cookie policy.

What exactly can you expect from a Cookies Audit?

  • Consultation and scoping of the test requirements
  • Testing and reporting
  • Consultation

Our PECR Cookies Audit Service quickly and cost-effectively identifies the cookies that your site downloads onto visiting computers and provides specific guidance as to the steps that you should consider in order to meet the compliance requirements of the new Cookies Law, the revised Privacy and Communications Regulations.

Architecture Reviews

What is an Architecture Review?

An architecture review is a security review of an organisation’s infrastructure to determine the security posture of the infrastructure architecture. It will identify weaknesses within the architecture and make recommendations for improving the security posture and reducing the attack surface area.

When do you need an Architecture Review?

This type of service is recommended during the deployment of a new infrastructure architecture or after changes and upgrades have been made.

What exactly can you expect from an Architecture Review?

  • Consultation and scoping of the test requirements
  • Testing and reporting
  • Post-test consultation

Please note: Architecture Reviews are focused on auditing of the infrastructure. Business Continuity and Disaster Recovery aspects are not included in the test but can be offered as a separate service.
