Consultancy for large organisations

Breaches cost business. According to IBM/Ponemon Institute’s 2016 Cost of Data Breach Study, data breaches cost large firms an average of £2.53 million, through a combination of reputational damage and customer churn, administrative fines, and the cost of remediation.

IT Governance is a world leader in the field of IT GRC (governance, risk management and compliance) solutions. Our mission is to engage with business executives, senior managers and IT professionals, and help them protect and secure their intellectual capital, comply with relevant regulations and thrive as they achieve strategic goals through better IT management.

We don’t just provide consultancy. Uniquely, we have a complete set of fully integrable products and services, including information, books, tools, consultancy, technical services, training and staff awareness for IT GRC and IT security. This means we can provide everything for your project or you can pick and choose the components you need, depending on your existing resources.

We’re independent of vendors and certification bodies, and encourage our clients to select the best fit for their needs and objectives.

Whether you want to create an integrated management system to address all of your compliance needs, or want a more mature approach to cyber resilience, we can help you.

Our consultancy services include:

  • GDPR/data protection consultancy

    On 25 May 2018, the Data Protection Act 1998 (DPA) was superseded by the EU General Data Protection Regulation (GDPR), which prescribes considerably greater penalties for breaches: up to 4% of annual global turnover or €20 million, whichever is greater.

    IT Governance has wide-ranging data protection expertise to help organisations prepare for the GDPR. Our specialist and experienced privacy consultancy team is available to assist you with initial readiness assessments, gap analyses and data flow audits.

    Click here to find out more about the GDPR >>

  • Cyber incident response management

    The speed at which you identify a breach, contain the spread of malware, prevent further access to data and remediate the threat will make a significant difference to the risk, cost and exposure you carry during an incident. Effective incident response processes, including post-incident review, also reduce the likelihood of similar incidents recurring.

    The IT Governance cyber security incident response consultancy service can help you develop the resilience to protect against, remediate and recover from a wide range of cyber incidents. It is based on the best-practice frameworks ISO/IEC 27001, ISO/IEC 27035 (the international standard for information security incident management) and those developed by CREST.

    Click here for more information about cyber incident response consultancy >>

  • ISO 9001 and quality management consultancy

    ISO 9001 is the international standard that sets out the criteria for a QMS (quality management system). Based on seven quality management principles, the Standard will help you to continually monitor and manage quality across all of your operations, as well as benchmark your organisation’s performance and service.

    With over 1.1 million certifications worldwide, ISO 9001 is globally recognised as the best framework for helping organisations deliver quality products and services.

    IT Governance’s ISO 9001 consultants can help with every aspect of your QMS project.

    Click here for more information about ISO 9001 consultancy >>

  • ISO 22301 and business continuity management consultancy

    The ISO 22301 standard specifies the requirements for a BCMS (business continuity management system), which can be used in isolation to prepare for disruptive incidents, or combined with ISO 27001 to create a posture of cyber resilience.

    Click here for more information about ISO 22301 consultancy >>

  • ISO 27001 and information security management consultancy

    ISO 27001 is the international standard that specifies the requirements for an ISMS (information security management system). Accredited certification to the Standard is recognised around the world as the hallmark of best practice, and reassures clients, stakeholders and staff that an organisation takes its responsibilities seriously.

    With our customisable ISO 27001 implementation consultancy, our experience and expertise will see you through every stage of your ISMS implementation, from setting up the project to accredited certification and beyond, making sure that your people develop the skills they need to continue running your ISMS post-certification.

    This made-to-measure service offers a combination of hands-on, in-house or remote mentor-and-coach consultancy to fit your business needs.

    Click for more information about ISO 27001 implementation consultancy >>

    We also provide an ISO 27001 internal audit service >>

  • Public-sector consultancy

    Whether you are a public-sector organisation or a private-sector business that works with the public sector, you will have a number of regulatory and compliance obligations to fulfil, such as CESG's Certified Cyber Security Consultancy (CCSC) scheme, the MOD's Defence Procurement Partnership, the Gambling Commission's Remote gambling and software technical standards (RTS), the government's Security Policy Framework, the G-Cloud framework and the NHS IG Toolkit.

    Click here for more information about public-sector consultancy >>

  • PCI DSS consultancy

    If your organisation is a merchant or service provider that handles payment card data, it must comply with the PCI DSS (Payment Card Industry Data Security Standard).

    Even if you outsource card processing to a third party, you remain responsible for ensuring that all contracted parties that store, process or transmit cardholder data on your behalf comply with the Standard.

    Whether you need help reducing the scope of your cardholder data environment (CDE) or completing a self-assessment questionnaire (SAQ), or your increased transaction volumes have moved you up a merchant level so that you now need a QSA-led Report on Compliance (RoC), our QSAs and PCI DSS experts can help you find the right way forward.

    Click here for more information about PCI DSS consultancy >>

  • SOC audits based on ISAE 3402 and SSAE 16

    A SOC audit is often a prerequisite for service organisations that want to partner with or provide services to tier-one organisations in the supply chain.

    SSAE 16 and ISAE 3402 are independent, industry-recognised assurance standards used to audit service organisations such as outsourced hosting providers and Cloud service providers. SAS 70 has been replaced by SSAE 16 (SOC 1) reporting, and many organisations that previously underwent a SAS 70 audit will now also be asked for a SOC 2 report.

    IT Governance can assist with the full SOC process, from conducting a readiness assessment and applying the necessary remedial measures through to testing and reporting, by virtue of its partnership with a leading PCAOB-registered CPA firm.

    Click here for more information about SOC audits based on ISAE 3402 and SSAE 16 >>

For more information about IT Governance’s other consultancy services, please visit our consultancy homepage >>

Speak to an expert

Please contact our team for advice and guidance on our products and services.