About IT Governance Ltd

IT Governance is a unique organisation.

We source, create and deliver products and services to meet the real-world, evolving IT governance needs of today's organisations, directors, managers and practitioners. Our objective is to make this site the one-stop-shop for comprehensive corporate and IT governance information, advice, guidance, books, tools, training and consultancy.

We have been involved in designing, and successfully implementing, cost-effective BS 7799/ISO 27001 information security management systems since the standard was first promulgated.  We write and publish extensively on IT governance subjects, including IT service management, project governance, regulation and compliance, and have evolved a range of leading-edge tools for IT governance, information security and regulatory compliance practitioners, available through the online shop on this site.

We approach IT governance, regulatory compliance and information security issues from a management perspective and are committed to engaging business leaders in developing and implementing information, ICT regulatory compliance and information security strategies that enable their businesses to compete effectively in the global information economy.


Information, information technology and information security is ALWAYS a business issue, never just an IT one.  Top management is accountable for the organisation's information technology strategy and its deployment.


Our mission is to engage and support Boards and business executives of both public and private sector organisations so that they are better able to properly manage their information technology strategies to achieve strategic goals, protect and secure their intellectual capital and the company's whole market value and meet relevant corporate governance and regulatory compliance objectives.

Our unique proposition

  • We are business-led, not technology driven;
  • We speak business, not tech - we are technologically literate business managers;
  • We are vendor-neutral, technology-independent and framework-agnostic;
  • We focus on cost-effectiveness - ie we don't just do it for you!
  • We are a one-stop-shop with the world's most comprehensive range of GRC books, tools and training available, so that you can choose and buy whatever you need.

We practice what we preach

IT Governance has been awarded both ISO27001 and ISO9001 certification. Both of our management systems are fully-integrated with one another and will ensure information security and quality management best practices are upheld throughout the company.


Currently we are working on implementing other standards including ISO14001, ISO20000 and ISO22301.

Directors and Partners

Alan Calder - author of "IT Governance - A Manager's Guide", is a founder director of IT Governance Ltd.  Before that, he was CEO of Wide Learning, a supplier of e-learning, of Focus Central London and, before that, of Business Link London City Partners (BLLCP).  He was also a member of the DTI's Information Age Competitiveness Working Group.  He was for many years a member of the DNV Certification Services Certification Committee, which certifies compliance with international standards including ISO27001/BS7799.

Alan works with a wide range of clients on IT governance and information security projects which include design, implementation and deployment of management systems and the development and writing of White Papers. He also speaks at seminars and presentations on IT governance, regulatory compliance and information security.

Steve Watkins - Steve is co-author of the book on IT Governance, and a Director at IT Governance Ltd. He has held posts with HM Crown Prosecution Service Inspectorate, London Underground, Focus Central London, Business Link, a large photocopier sales and service organisation and in local Government. In his various roles he has been responsible for most support disciplines. Steve has over 17 years' experience of managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications. As well as being a trained ISO27001 and ISO9000 lead auditor, Steve is a trained EFQM Assessor and holds diplomas in safety and financial management.

He is Chair of the ISO/IEC27001 User Group, the UK Chapter of the ISMS International User Group, and also sits on the Management Committee of the British Standards Society where he chairs the Corporate Governance Group. 

Together, the authors were responsible for the first company (BLLCP) to achieve BS 7799 registration when the standard was first promulgated in 1996. They have aided other organisations since then to implement effective information security management systems, and have been involved in the development of both the accredited certification scheme and related training standards.