IT Governance is a world leader in the field of IT GRC (governance, risk management and compliance) solutions. Our mission is to engage with business executives, senior managers and IT professionals to help them protect and secure their intellectual capital, comply with relevant regulations and thrive as they achieve strategic goals through better IT management.
Our experience working with complex businesses across jurisdictional boundaries and cultures means we can put together large–scale and long–term projects to help organisations implement effective management systems that achieve multiple compliance objectives, and deliver greater business efficiency and significant value for money.
We’re independent of vendors and certification bodies, and encourage our clients to select the best fit for their needs and objectives. So, whether you want to create an integrated management system to address all of your compliance needs, or want a more mature approach to cyber resilience, we can help you.
Click here to see some of our clients >>
CESG cyber security consultancy service
IT Governance’s cyber security consultancy service is aligned with the requirements of CESG’s new Certified Cyber Security Consultancy (CCSC) scheme.
Click for more information about CESG cyber security consultancy >>
GDPR and data protection consultancy
As of May 2018, the Data Protection Act 1998 (DPA) was superseded by the EU General Data Protection Regulation (GDPR), which prescribes considerably greater penalties for breaches – up to 4% of annual global turnover or €20 million.
IT Governance has wide–ranging data protection expertise to help organisations adequately prepare for the GDPR. Our specialist and experienced privacy consultancy team are available to assist you with initial readiness assessments, gap analyses and data flow audits.
Click for more information about data protection, DPA and GDPR consultancy >>
ISO 9001 and quality management
IT Governance can help you implement a quality management system (QMS) compliant with ISO 9001. With over 1.1 million certifications worldwide, ISO 9001 is globally recognised as the best framework for helping organisations identify product or service deficiencies and make improvements quickly, resulting in less waste, less work rejected or found inadequate, and fewer complaints.
Click for more information about ISO 9001 and quality management consultancy >>
ISO 20000 and IT service management
IT Governance can provide whatever you need to help you achieve ISO 20000 certification for all or part of your service delivery organisation. Services can be provided in a flexible way to suit your needs.
Click here for more information about ISO 20000 and IT service management consultancy >>
ISO 22301 and business continuity
IT Governance can provide a comprehensive solution to implement a business continuity management system (BCMS) based on the international standard ISO 22301 and achieve certification in the shortest possible time. Our ISO 22301 and business continuity consultancy service includes assessing your current business continuity plans, policies and procedures, and developing an executive report and prioritised roadmap of recommended activities and solutions aligned to ISO 22301. We also offer ISO 22301 FastTrack™ Consultancy to help you achieve certification in four months for a fixed price.
Click here for more information about ISO 22301 and business continuity consultancy >>
ISO 27001 and information security
Over the last 15 years, we’ve successfully helped over 400 companies – from SMEs to FTSE 100 companies – achieve ISO 27001 certification. Whatever your ISO 27001 consultancy needs, we have the right services to help you implement an ISO 27001–compliant information security management system (ISMS) quickly and without hassle, whatever your size, sector or location.
Click here for more information about ISO 27001 and information security consultancy >>
ISO 50001 (energy management) and ISO 14001 (environmental management)
IT Governance can help you demonstrate compliance with the ESOS regulations by implementing an energy management system (EnMS) compliant with ISO 50001. We can also help you implement an ISO 14001 environmental management system (EMS) to control the environmental impact of your activities, products and services, while demonstrating the continual improvement of environmental performance.
Click for more information about ISO 50001 and ISO 140001 consultancy >>
IT Health Check
Security testing provides an appropriate level of assurance that technical vulnerabilities have been identified and effectively controlled. An IT Health Check can include application testing, penetration testing, wireless network testing, security audit and an internal network vulnerability assessment.
Click here for more information about IT Health Checks >>
Penetration testing – infrastructure and web application
Penetration testing is the most effective way of identifying exploitable vulnerabilities within your company’s Internet–facing resources, allowing suitable patches to be applied. IT Governance provides a range of bespoke penetration tests that deliver cost–effective and practical solutions to help you meet your legal, regulatory and contractual requirements. IT Governance Ltd is a CREST member company, so clients can rest assured that IT Governance penetration tests will be carried out to the highest standards by qualified and knowledgeable individuals.
Click here for more information about penetration testing >>
PCI DSS compliance
IT Governance is a PCI Qualified Security Assessor (QSA) company. If your organisation is a merchant or service provider, IT Governance can help you improve your cyber security and comply with the requirements of the PCI DSS in the shortest timeframe and for the minimum cost. Whether you need help reducing your cardholder data environment (CDE) or completing a self–assessment questionnaire (SAQ), or your increased transaction volumes have seen you move up a level and you now need a QSA–led report on compliance (RoC), our QSAs and PCI DSS experts can help you find the right way forward.
Click here for more information about PCI DSS consultancy >>
PCI QSA services
In our capacity as an approved QSA company, our principle role is to ensure that an organisation complies with the requirements of the PCI DSS. Our status as an approved QSA company underpins our range of PCI DSS consultancy services, which include project scoping, gap analysis, remediation support and audit.
Click here for more information about PCI QSA services >>
Whether you are a public–sector organisation or a private–sector business that works with the public sector, you will have a number of regulatory and compliance obligations to fulfil, such as CESG’s new Certified Cyber Security Consultancy (CCSC) scheme, the MOD’s Defence Procurement Partnership, the Gambling Commission’s Remote gambling and software technical standards (RTS), the government’s Security Policy Framework, the G–Cloud framework, and the NHS IG Toolkit.
Click here for more information about public-sector consultancy >>
SOC audits based on ISAE 3402 and SSAE 16
A SOC audit is often a prerequisite for service organisations to partner with or provide services to tier–one organisations in the supply chain.
SSAE 16 and ISAE 3402 are independent, industry–recognised, third–party assurance standards that are used to audit service organisations, such as outsourced hosting providers and Cloud service providers. Many organisations that have undergone a SAS 70 in the past will now require a SOC 2 (II) report.
IT Governance can assist with the full SOC process, from conducting a readiness assessment and applying the necessary remedial measures through to testing and reporting, by virtue of its partnership with a leading PCAOB–registered CPA firm.
Click here for more information about SOC audits based on ISAE 3402 and SSAE 16 >>
tScheme is the independent, industry–led, self–regulatory scheme designed to create strict assessment criteria for the approval of e-business and e–government trust services. Our free, no–obligation assessment will give you an overview of how you measure up against the current tScheme requirements and identify the steps you need to take to meet them. You can also take advantage of our additional support options, including a mentor and coach for your internal project team, or even appoint our team of experts to run your project for you.
Click here for more information about tScheme compliance consultancy >>
Supplier audit and supply chain assurance
Our supplier audit and supply chain assurance service is non-sector–specific and includes both training and consultancy. It ensures you deliver the degree of assurance you and your stakeholders require with maximum efficiency. We ensure your supplier audit and monitoring regime is running efficiently and effectively by optimising data collection, using remote and on–site auditing. Where appropriate, we recommend ISO 28000, the management system standard for supply chain security.
Click here for more information about supplier audit and supply chain assurance consultancy >>
Please contact our team for advice and guidance on our products and services.