
Consultancy for the public sector

Whether you are a public–sector organisation or a private–sector business that works with the public sector, you will have a number of regulatory and compliance obligations to fulfil, such as CESG’s new Certified Cyber Security Consultancy (CCSC) scheme, the MOD’s Defence Procurement Partnership, the Gambling Commission’s Remote gambling and software technical standards (RTS), the government’s Security Policy Framework, and the NHS IG Toolkit.

On top of these obligations, all organisations in the UK that collect, process or store personal information must comply with the Data Protection Act 1998 (DPA), or face fines of up to £500,000 in the event of a data breach.

In May 2018, the DPA will be superseded by the EU General Data Protection Regulation (GDPR), which prescribes considerably greater penalties – up to 4% of annual global turnover or €20 million.

Click here to find out more about the GDPR >>

IT Governance’s experienced in-house consultants have a deep understanding of the range of cyber risks facing organisations today, enabling you to implement the best possible security solutions for your budget and requirements.


Contact us

For more information, or to speak to a member of our team about how IT Governance can help your project, email or call 00 800 48 484 484.


Services include:

ISO 27001 consultancy

ISO 27001 is the international standard that defines best practice for an ISMS (information security management system). It is the only independently auditable information security management standard in the world, and is globally recognised as the most comprehensive solution to achieving an enhanced cyber security posture.

Accredited certification to the Standard enables you to meet numerous information security–related legal and regulatory compliance requirements.

We’ve helped more than 400 organisations achieve accredited certification to the Standard, and provide implementation support to suit every budget, timescale or location. From fixed–price packages to bespoke consultancy, we can supply everything you need to implement an ISO 27001–compliant ISMS.

Click here to find out more about our wide range of ISO 27001 implementation solutions >>

Cyber Health Check

The two–day Cyber Health Check combines on–site consultancy and audit with remote vulnerability assessments to assess your cyber risk exposure. Our four–step approach will identify your actual cyber risks, audit the effectiveness of your responses to those risks, analyse your real risk exposure and then create a prioritised action plan for managing those risks in line with your business objectives.

Click here for more information about our Cyber Health Check service >>

G–Cloud supplier assurance

The G–Cloud framework allows UK Government bodies to purchase Cloud services, and is aimed at making public–sector Cloud service acquisition quicker and more transparent. This selection process eliminates the need to go through a full tender process.

Providers of Cloud services are expected to consider the 14 Cloud Security Principles and to provide assurance that these principles are applied when presenting their offerings to public sector consumers. This will allow consumers to make informed choices about which services are appropriate for their needs.

IT Governance can provide the required expertise in the form of information assurance audits, ISO 27001 certification, and CESG Certified Professionals (CCPs) to undertake the necessary assurance activities.

Click here for more information about G–Cloud consultancy >>


CESG Certified Cyber Security Consultancy service

IT Governance has developed a new cyber security consultancy service aligned with the requirements of CESG’s new Certified Cyber Security Consultancy (CCSC) scheme.

There are currently four CCSC categories, and IT Governance offers consultancy services in each:

Click here for more information about the CESG CCSC >>

IG Toolkit

Produced by the Health and Social Care Information Centre (HSCIC), the IG Toolkit ensures that the integrity and confidentiality of patient data are protected, and enables organisations to supply NHS clients and connect to the N3 network.

Our consultancy team offers a broad range of services that are tailored to meet your exact needs:

  • IG Toolkit FastTrack™

    The fixed–price IG Toolkit FastTrack consultancy service has been designed for Business Partners and Commercial Third Parties with fewer than 20 employees and a single office location. For larger organisations, please contact us for a quote.

    Click here for more information on the IG Toolkit FastTrack service >>
  • IG Toolkit Health Check

    The fixed–price IG Toolkit Health Check is a two–day, on–site assessment service that includes assessing your current policies, procedures, practices and information governance regime against the requirements of the latest version of the IG Toolkit. Following this assessment, our expert consultants will provide you with a detailed report explaining where your shortcomings lie and an outline of the recommended actions you should take.

    Click here for more information on the IG Toolkit Health Check >>
  • IG Toolkit Managed Service

    Maintain compliance with the latest version of the IG Toolkit with this annual support package for FastTrack™ clients. Our expert consultants will conduct the necessary assessments, update your documentation in line with the latest version of the IG Toolkit, and submit your annual IG SoC (Statement of Compliance) to the HSCIC.

    Click here for more information on the IG Toolkit Managed Service >>

Cyber incident response management

The speed at which you identify a breach, combat the spread of malware, prevent unauthorised access to data and remediate the threat will make a significant difference in controlling risk, costs and exposure during an incident. Effective incident response processes can reduce the risk of future incidents occurring.

With an effective incident response plan, you will be able to detect incidents at an earlier stage and develop an effective defence against the attack.

IT Governance’s cyber security incident response consultancy service is based on best-practice frameworks ISO 27001, ISO/IEC 27035 (the international standard for cyber incident response) and those developed by CREST, and can help you develop the resilience to protect against, remediate and recover from a wide range of cyber incidents.

Click here for more information about cyber incident response management >>

Gambling Commission security requirements

The Gambling Commission’s Remote gambling and software technical standards (RTS) detail the specific technical standards and the security requirements that licensed remote gambling operators and gambling software operators need to meet.

Under section 5 of the RTS, remote gambling operators must complete an annual third-party security audit against specific sections of ISO 27001 and submit an audit report to the Commission.

Gambling operators that obtain certification to the full Standard must be audited against ISO 27001.

Click here for more information about Gambling Commission RTS compliance >>


AXELOS’s RESILIA portfolio includes cyber resilience tools, resources and certified training courses that are intended to set a benchmark for cyber resilience knowledge and skills.

Click here for more information about RESILIA >>

Security plans

Government departments are asking providers to set out their security plan before or shortly after being awarded a contract. IT Governance’s consultants can help you complete your security plan and meet government requirements.

Click here for more information about security plans >>


For more information about IT Governance’s other consultancy services, please visit our consultancy homepage >>

