Management system standards


Alan Calder

Alan Calder, Founder and Executive Chairman

Alan Calder is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. Alan co-wrote (with Steve Watkins) the definitive compliance guide, IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the UK Open University’s postgraduate course on information security.

Steve Watkins

Steve Watkins, Director

Steve is a director at IT Governance, chair of the ISO/IEC 27001 User Group, the UK chapter of the ISMS International User Group, and contracted technical assessor for UKAS – advising on their assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification.

Tony Drewitt

Tony Drewitt, Head of Consultancy

Tony leads our consultancy team. He works with clients to help them implement and comply with international standards such as ISO 27001 and ISO 22301 as well as other compliance frameworks such as the NHS Information Governance Toolkit and the UK Gambling Commission’s technical security standard.

Nick Orchiston

Nick Orchiston, Senior Consultant

Nick is a management systems consultant with more than 19 years’ experience encompassing quality (ISO 9001), health and safety (OHSAS 18001), environmental (ISO 14001) and information security (ISO 27001) management systems.


Alastair Stewart

Alastair Stewart, PCI DSS QSA

Alastair is a PCI QSA and consultant. He conducts gap analyses and remediation planning for clients’ PCI DSS compliance projects; provides advice and consultancy; and carries out PCI DSS audits to help validate compliance.
Alastair creates and delivers training courses on the PCI DSS, the UK’s Cyber Essentials scheme and secure coding practices, and he also supports the delivery of CISSP training courses.

Jeremy Green

Jeremy Green, PCI Consultant

Jeremy is a PCI consultant with 30 years’ experience in the engineering and software development industries. He conducts gap analyses and provides PCI DSS compliance consultancy to customers. As a technical manager, he has implemented quality, business continuity and information security management systems.

Gareth Lawrence

Gareth Lawrence, Sr. Information Risk Consultant

Gareth has over 20 years’ experience in audit and assurance services, for ISO 27001, the NHS IG Toolkit, information risk management and internal auditing. Gareth delivers the ISO 27001:2013 Lead Implementer course as an IT Governance public course and as an in-house course for clients.

Adrian Ross

Adrian Ross, GRC Consultant

Adrian is a highly effective GRC (governance, risk management and compliance) consultant with a degree in law and over 15 years’ experience implementing business solutions within the context of legal compliance. He is particularly strong in intellectual property and data protection law, with excellent presentation and communication skills.


Our toolkit suite has expanded considerably since we created the world’s first ISO 27001 – then BS 7799 – documentation toolkit. Since then, thousands of organisations worldwide have used our toolkits to achieve certification to a wide range of standards, and we continue to drive improvements to our toolkits based on our wide experience helping organisations implement management systems.
Alan Calder, Founder and Executive Chairman.


We have experts across a number of disciplines, many of whom sit on standards committees and industry forums that develop best practice, so our toolkits, advice and training materials reflect emerging developments and stay ahead of the curve, delivering real benefits to our clients.
Steve Watkins, Director.
Continually improving
The established standard for toolkits
Helping businesses around the world
Comprehensive range
Over 4,000 businesses worldwide
10 years of customer feedback
Benefit from real-world practices