
Consultancy for medium-sized organisations

The government’s 2016 Cyber Security Breaches Survey found that the majority of medium-sized businesses have some cyber security controls in place, but these "fall short of best-practice standards".

As cyber attacks continue to increase in scale and severity, this is a clear concern. Medium-sized businesses have more to lose, and the degree of separation between management and operations is often just enough for attackers to exploit.

According to Ponemon Institute’s 2016 State of Cybersecurity in Small & Medium-Sized Businesses report, 60% of respondents say their organisations "do not have the budget" and 69% of respondents "do not have the in-house expertise adequate for achieving a strong cybersecurity posture".

IT Governance is committed to helping its clients make the most of their existing assets, whatever their resources, knowledge or preferred project approach.

If you want to improve your security posture, we will provide the level of support you require, within the context of the resources and project plan we agree with you.

This is true whether you seek to become certified against international standards based on the findings of an initial scoping project, to follow best practice, or simply to become compliant.

We believe that serving you well means helping you develop the knowledge necessary to run your own management systems and compliance programmes. We therefore focus on helping you develop your skills and confidence up to and beyond implementation.

Our value-for-money approach aims to help our clients take ownership of their management systems and use them to improve performance across the organisation.


Contact us

For more information, or to speak to a member of our team about how IT Governance can help your project, email or call 00 800 48 484 484.


Services include:

Fixed-price consultancy packages

IT Governance’s unique fixed-price packaged solutions combine tried and tested implementation resources to meet your needs, including consultancy expertise, books, software, training and professional services.

  • Cyber Essentials

    The government’s Cyber Essentials scheme aims to help businesses in the UK establish a baseline of cyber security to mitigate around 80% of the most common cyber attacks.

    Our fixed-price Cyber Essentials packages can help you achieve certification to either Cyber Essentials or Cyber Essentials Plus at a pace and for a budget that suits you.

    Click for more information about Cyber Essentials solutions >>

  • ISO 27001

    ISO 27001 is the international standard that specifies the requirements for an ISMS (information security management system). Accredited certification to the Standard is recognised around the world as the hallmark of best practice, and reassures clients, stakeholders and staff that an organisation takes its responsibilities seriously.

    Our fixed-price ISO 27001 packages can help you achieve certification to the Standard at a pace and for a budget that suits you.

    Click for more information about the full range of ISO 27001 solutions >>


ISO 22301 and business continuity management consultancy

The ISO 22301 standard specifies the requirements for a BCMS (business continuity management system), which can be used in isolation to prepare for disruptive incidents, or combined with ISO 27001 to create a posture of cyber resilience.

Click here for more information about ISO 22301 consultancy >>

Data protection consultancy

The data protection landscape in Europe is being overhauled with the introduction of the EU GDPR, which will be enforced from 25 May 2018. Organisations will need to review and update their organisational and technical measures in order to adequately prepare for the Regulation.

Our specialist data privacy consultancy team can provide you with the necessary expertise to implement a total privacy programme that meets your compliance requirements. We can also undertake an initial gap analysis of your current compliance regime if you are just getting started with a data protection programme.

Click here for more information about data protection/DPA/GDPR consultancy >>

PCI DSS consultancy

If your organisation is a merchant or service provider that handles payment card data, it must comply with the PCI DSS (Payment Card Industry Data Security Standard).

Even if you outsource card processing activities to a third party, you’re responsible for ensuring all contracted parties comply with the Standard.

Whether you need help reducing your cardholder data environment (CDE) or completing a self-assessment questionnaire (SAQ), or your increased transaction volumes have seen you move up a level and you now need a QSA-led report on compliance (RoC), our QSAs and PCI DSS experts can help you find the right way forward.

Click here for more information about PCI DSS consultancy >>

Public-sector consultancy

Whether you are a public-sector organisation or a private-sector business that works with the public sector, you will have a number of regulatory and compliance obligations to fulfil, such as CESG’s new Certified Cyber Security Consultancy (CCSC) scheme, the MOD’s Defence Procurement Partnership, the Gambling Commission’s Remote gambling and software technical standards (RTS), the government’s Security Policy Framework, the G-Cloud framework, and the NHS IG Toolkit.

Click here for more information about public-sector consultancy >>

SOC audits based on ISAE 3402 and SSAE 16

A SOC audit is often a prerequisite for service organisations to partner with or provide services to tier-one organisations in the supply chain.

SSAE 16 and ISAE 3402 are independent, industry-recognised, third-party assurance standards that are used to audit service organisations, such as outsourced hosting providers and cloud service providers. Many organisations that have undergone a SAS 70 in the past will now require a SOC 2 report.

IT Governance can assist with the full SOC process, from conducting a readiness assessment and applying the necessary remedial measures, through to testing and reporting, by virtue of its partnership with a leading PCAOB-registered CPA firm.

Click here for more information about SOC audits based on ISAE 3402 and SSAE 16 >>

For more information about IT Governance’s other consultancy services, please visit our consultancy homepage >>
