This website uses cookies. View our cookie policy
United Kingdom
Select regional store:

Consultancy for the public sector and its suppliers

Whether you are a public-sector organisation or a private-sector business that works with the public sector, you will have a number of regulatory and compliance obligations to fulfil, such as the MOD’s Defence Procurement Partnership, the Gambling Commission’s Remote gambling and software technical standards (RTS), the government’s Security Policy Framework, and the NHS Information Governance (IG) Toolkit.

On top of these obligations, all organisations in the UK that collect, process or store personal information must comply with the Data Protection Act 1998 (DPA), or face fines of up to £500,000 in the event of a data breach.

In May 2018, the DPA will be superseded by the EU General Data Protection Regulation (GDPR), which prescribes considerably greater penalties: up to 4% of annual global turnover or €20 million – whichever is greater.

Click here to find out more about the GDPR >>

IT Governance’s experienced in-house consultants have a deep understanding of the range of cyber risks facing organisations today, helping you to implement the best possible security solutions for your budget and requirements.

Our consultancy services include:

  • ISO 27001 consultancy

    ISO 27001 is the international standard that defines best practice for an information security management system (ISMS). It is the only independently auditable information security management standard in the world, and is globally recognised as the most comprehensive solution for achieving an enhanced cyber security posture.

    Accredited certification to the Standard allows you to meet numerous legal and regulatory requirements related to information security.

    We’ve helped more than 400 organisations achieve accredited certification to the Standard, and provide implementation support to suit every budget, timescale or location. From fixed-price packages to bespoke consultancy, we can supply everything you need to implement an ISO 27001-compliant ISMS.

    Click here to find out more about our wide range of ISO 27001 implementation solutions >>

  • Cyber Health Check

    The three-phase Cyber Health Check combines on-site consultancy and audit with remote vulnerability assessments to assess your cyber risk exposure. Our four–step approach will identify your actual cyber risks, audit the effectiveness of your responses to those risks, analyse your real risk exposure and then create a prioritised action plan for managing those risks in line with your business objectives.

    Click here for more information about our Cyber Health Check service >>

  • G-Cloud consultancy

    The UK government’s G-Cloud framework makes it faster and cheaper for the public sector to buy Cloud services. Suppliers are approved by the Crown Commercial Service (CCS) via the G-Cloud application process, eliminating the need to go through a full tender process for each buyer.

    IT Governance has been approved to provide six cyber security services via the government’s Digital Marketplace for Cloud support.

    Click here for more information about G–Cloud consultancy >>

  • NCSC Certified Cyber Security Consultancy scheme

    IT Governance is not yet certified under the National Cyber Security Centre’s (NCSC) new Certified Cyber Security Consultancy (CCSC) scheme, but hopes to be an early adopter.

    There are currently four CCSC categories, and IT Governance offers consultancy services related to each:

    Click here for more information about the NCSC CCSC scheme >>

  • IG Toolkit

    Produced by the Health and Social Care Information Centre (HSCIC), the IG Toolkit makes sure that the integrity and confidentiality of patient data is protected, and helps organisations to supply NHS clients and connect to the N3 network.

    Our consultancy team offers a broad range of services that are tailored to meet your exact needs:

    • IG Toolkit FastTrack™

      The fixed-price IG Toolkit FastTrack consultancy service has been designed for business partners and commercial third parties with fewer than 20 employees and a single office location. For larger organisations, please contact us for a quote.

      Click here for more information on the IG Toolkit FastTrack service >>

    • IG Toolkit Health Check

      The fixed-price IG Toolkit Health Check is a two-day, on-site assessment service that includes assessing your current policies, procedures, practices and information governance regime against the requirements of the latest version of the IG Toolkit. Following this assessment, our expert consultants will provide you with a detailed report explaining where your shortcomings lie and an outline of the actions you should take.

      Click here for more information on the IG Toolkit Health Check >>

    • IG Toolkit Managed Service

      Maintain compliance with the latest version of the IG Toolkit with this annual support package for FastTrack clients. Our expert consultants will conduct the necessary assessments, update your documentation in line with the latest version of the IG Toolkit and submit your annual IG Statement of Compliance (SoC) to the HSCIC.

      Click here for more information on the IG Toolkit Managed Service >>

  • Cyber incident response management

    The speed at which you identify a breach, combat the spread of malware, prevent unauthorised access to data and remediate the threat will make a significant difference in controlling risk, costs and exposure during an incident. Effective incident response processes can reduce the risk of future incidents occurring.

    With an effective incident response plan, you will be able to detect incidents at an earlier stage and develop an effective defence against the attack.

    IT Governance’s cyber security incident response consultancy service is based on best-practice frameworks ISO 27001, ISO/IEC 27035 (the international standard for cyber incident response) and those developed by CREST. It can help you develop the resilience to protect against, remediate and recover from a wide range of cyber incidents.

    Click here for more information about cyber incident response management >>

  • Gambling Commission security requirements

    The Gambling Commission’s RTS details the specific technical standards and the security requirements that licensed remote gambling operators and gambling software operators need to meet.

    Under section 5 of the RTS, remote gambling operators must complete an annual third-party security audit against specific sections of ISO 27001 and submit an audit report to the Commission.

    Gambling operators that obtain certification to the full Standard must be audited against ISO 27001.

    Click here for more information about Gambling Commission RTS compliance >>


    AXELOS’s RESILIA portfolio includes cyber resilience tools, resources and certified training courses that are intended to set a benchmark for cyber resilience knowledge and skills.

    Click here for more information about RESILIA >>

  • NIST Cybersecurity Framework (CSF)

    The NIST CSF was designed with the intent that individual businesses and other organisations use an assessment of the business risks they face to guide their use of the framework in a cost-effective way.

    IT Governance can help with the full NIST CSF implementation process, from project scoping and risk assessment right through to advising on the necessary remediation measures to implement your action plan.

    Click here for more information about the NIST CSF >>

  • Security plans

    Government departments are asking providers to set out their security plan before or shortly after being awarded a contract. IT Governance’s consultants can help you complete your security plan and meet government requirements.

    Click here for more information about security plans >>

For more information about IT Governance’s other consultancy services, please visit our consultancy homepage >>

Speak to an expert

Please contact our team for advice and guidance on our products and services.