IT Governance

IT Governance is a well-established UK cybersecurity and compliance consultancy founded in 2002 by Alan Calder, headquartered in Ely, Cambridgeshire. The company is part of GRC International Group PLC, an AIM-listed company, and has grown to employ between 201-500 staff. IT Governance has built a strong reputation as a one-stop shop for governance, risk management, and compliance solutions, with penetration testing forming a key part of their broader security and compliance service portfolio.

IT Governance provides CREST-approved penetration testing services delivered by a certified team of UK-based consultants. Their testing capabilities include web application penetration testing, external and internal infrastructure penetration testing, and PCI-specific penetration testing for payment card environments. Their proprietary security testing methodology is aligned with established frameworks including SANS, OSSTMM, and OWASP.

Beyond penetration testing, IT Governance offers an extensive range of compliance-focused services spanning ISO 27001 implementation and certification, PCI DSS compliance, GDPR advisory, Cyber Essentials certification, SOC 2 reporting, AI governance, training and e-learning, and managed security services.