Corporate Vision February 2017

Working Harder and Smarter For Longer

IT Governance is a leading global provider of IT governance, risk management and compliance solutions, with a special focus on cyber resilience, data protection, the PCI DSS, ISO 27001 and cyber security. We spoke to their CEO, Alan Calder, to find out more about the firm.

IT Governance helps firms of all sizes achieve their information security objectives through a mixture of tools, training, consultancy and penetration testing, with affordable bespoke and packaged solutions. The company has the knowledge and insight to provide unparalleled support and advice, tailored to meet any organisation’s specific needs or budget. Alan Calder speaks to us about what the firm provides to clients.

“IT Governance is committed to helping businesses protect themselves and their customers from current and evolving threats to their information assets. Using our industry expertise and pragmatic approach to information security, we help organisations worldwide implement information security standards such as ISO 27001 to improve their defences, and provide comprehensive training and staff awareness programmes to employees. IT Governance supports a wide range of organisations across the UK, Europe and the rest of the world, from major banks, telecommunications providers and healthcare organisations right down to SMEs and micro-organisations.

“We pride ourselves on our ability to deliver a broad range of integrated cyber security solutions to an international customer base, meeting the needs of organisations, directors and practitioners worldwide. Our ongoing strategy is to maintain expertise across the entire IT GRC landscape so that we can respond in an agile, effective and efficient manner to the security issues affecting our clients.”

When first approaching a client, Alan explains how the firm ensures they have an effective process whereby clients’ needs are.

“We have put in place a mature and comprehensive quality management programme that ensures our solutions and services consistently meet our high standards, which has helped us develop and grow exponentially as a company in the past two years. Our solutions are informed and directed by our subject matter experts – from documentation toolkits that help organisations streamline implementation projects, to books and pocket guides, training courses, web applications, software, staff awareness and embedded consultancy services.

“IT Governance encourages client feedback both through our website and through direct interaction with our staff and consultants, and many of our products are improved on the basis of their feedback. We are also represented on a number of committees and forums that develop best practice in our industry. This is an investment that enables us to stay ahead of the curve and develop solutions that meet the current market needs.”

Security is an issue that IT Governance has seen become more prevalent in the industry today. Alan outlines how the industry has changed since the firm’s inception.

“We have been advocates of information security and ISO 27001 for more than ten years, and it’s only been in the last two years that we have seen an increase in press and media reports on organisations facing financial and reputational damage as a result of a data breach or cyber-attack. The key change is the surge in the number of threats, along with the growing understanding of the risks and threats we are exposed to, and now the market has started to accommodate the resulting demands.

“The large number of data breaches that have occurred in the past year has increased demand for competent and qualified information security professionals.
We’ve seen a growing number of organisations adopt information security and appropriate security controls, and seek certification to information security standards or schemes such as ISO 27001 (the international best-practice standard for information security), Cyber Essentials (the UK government-backed cyber security scheme), and the PCI DSS (the Payment Card Industry Data Security Standard).

“As the competence shortfall has pushed the cost of expertise higher, we have focused on and invested across the board in keeping hold of our staff at all levels, and our consultants in particular. This resulted in our agenda now being increasingly that of all our customers.”

Alan describes the current state of the industry and what changes are affecting it.

“The recently approved General Data Protection Regulation (GDPR) will change the way businesses collect and process data on EU residents. From May 2018, organisations will be required to have adopted and implemented the requirements of the Regulation, placing data protection (and the GDPR) at the top of every board’s agenda.

“Organisations that suffer a data breach under the GDPR can face massive fines of up to 4% of annual global revenue or €20 million – whichever is greater. We have seen an increased interest in GDPR compliance solutions – more specifically, training courses and consultancy services. We applied our expertise and knowledge to deliver the support, and were the first provider of GDPR Foundation and Practitioner training courses and accredited qualifications, which will help organisations implement their GDPR compliance projects.”

At IT Governance, technology is evidently a vital component of their day-to-day business. Alan describes the importance of technology for the firm.

“New technologies and Internet-connected smart devices play an essential role in ensuring we run our everyday business activities effectively and efficiently.
It is critical that organisations understand their reliance on the security of these technologies in order to avoid being exploited and the control measures they