GRC Consultancy FAQs


This page aims to answer your questions about our governance, risk management and compliance consultancy services. If your question isn’t answered below, please don’t hesitate to contact us via email, or by calling us on 00 800 48 484 484.


Does IT Governance have experience working in our sector?

The IT Governance IT GRC Consultancy team has worked with organisations of all sizes, from the smallest SMEs to global enterprises, for more than a decade. Our qualified advisers and mentors support a diverse selection of projects and clients.

Our trusted advisers have consulted on hundreds of successful compliance and cultural change projects, with a track record of more than 400 clients successfully certificated to ISO 27001 alone.

Our team is one of the most experienced in the world, having worked on projects in a wide range of public- and private-sector organisations in a variety of market sectors, including the automotive, banking and financial, charity, mining, oil and gas, technology, and telecommunications industries.

Visit our Consultancy Case Studies page to learn more >>


Are your consultants able to tackle our project?

We only employ highly qualified and experienced consultants with an extensive track record of successfully delivering projects across a range of international standards and contractual compliance disciplines.

Over and above their professional competences, each member of our team has a specialised area of expertise that has enabled them to establish a well-respected stature within their field. Where required, we will happily provide CVs for the consultant(s) who will work on your project.


Which certification bodies do you recommend?

We strongly recommend that you only use certification bodies that are accredited by the relevant national accreditation body (UKAS or equivalent), as indicated by their membership of the IAF (International Accreditation Forum).

IT Governance is widely recognised among UKAS-accredited certification bodies as a leading consultancy organisation, and is listed by the following:

  • BSI Management Systems UK Associate Consultant Programme
  • Bureau Veritas Certification approved list for the implementation and management of ISO 27001 and ISO 20000
  • ISOQAR consultant database
  • Lloyds Register Quality Assurance (LRQA) Consultant Network
  • NQA Associate Consultant Register
Associate Consultant Programme
LRQA Consultants Network
LRQA Consultants Network


We don’t have a preferred certification body, but can advise on the criteria that you should consider when deciding which to appoint.

Our clients have used the following UKAS-accredited (or equivalent) certification bodies: ACS, AJA Registrars, BSI, Bureau Veritas, Certification Europe, Certification International, Det Norske Veritas, ISOQAR, LRQA, NQA, and SGS.

Although we believe that it is in our clients’ interests to manage their own relationship with certification bodies, we are more than happy to do this for you, if you prefer.


How long will it take to achieve certification?

In the early days of a new ISO management standard/certification scheme, it can take up to 18 months to achieve certification. When a scheme has matured, that time reduces to around 6 to 9 months, and in some cases it’s less than that.

Project duration obviously varies according to scale and scope. Our FastTrack™ Online ISO 27001 Consultancy, for example, guarantees certification for organisations with fewer than 20 employees in three months and for a fixed fee.

IT Governance is particularly experienced in accelerating accredited certification projects. We can also provide letters of assurance for clients that need to demonstrate to their clients that they are on track to complete on time.


What will it cost to achieve certification?

Each project is different, so this depends on your timescale, where certification sits in comparison with other objectives, the existing stance of the organisation, and how you choose to resource the project.

Contact us at or on 00 800 48 484 484 to discuss your circumstances and get a no-obligation estimate.


How do you make sure the project delivers on time and meets objectives?

We agree a project plan and timeline with you from the outset. We also try to ensure that you have the same consultant throughout the project. We have a full support team behind every consultancy project to ensure:

  • Timely delivery
    We make absolutely sure that your project delivers on time.

  • Personalised service
    Your assigned consultant is available when required by your project.

  • Active management
    Our processes and records minimise disruption to your experience of our service.

We manage our resources efficiently and effectively – putting you at the centre of our planning and delivery. Of course, it also means that you can speak to a member of your consultancy team at any time, without having to wait for your consultant to get in touch with you.


How do we get help when your consultants are not on-site?

As a client of IT Governance you have telephone and email access to us 365 days a year, with responses within hours rather than days. We will always be there to help you.


What other costs should we budget for?

There are no hidden costs. Our project proposal identifies everything that you will need to do, or purchase, in order to successfully prepare for certification.

To achieve certification to an ISO management standard, you will have to:

  • Read and understand the standard – the essential starting point.

  • Work with our consultant to identify the gaps between your current systems and those required by the standard.

  • Put in place the policies, procedures and controls that we outline in our detailed proposal.

With the help of our consultants, you will meet all the requirements in the shortest possible time. It’s that simple!

Our position is one of vendor neutrality. We will, however, make recommendations on products and services if asked to do so.


What support do you provide following certification?

IT Governance believes that if a consultancy service is to deliver real value for money it must transfer the knowledge and tools to maintain and develop the system that your business needs. This means that our clients rarely need further support in relation to the service provided.

Of course, some of our clients want us to remain involved – running their internal ISMS audit programme for them, for example – and we are more than happy to provide such arrangements.

We are always interested to hear how our previous clients are getting on, and we are happy to answer any queries we receive from them.


Contact us

For more information, or to speak to a member of our team about how IT Governance can help your project, email or call 00 800 48 484 484.

Return to the Consultancy homepage >>

SAVE 25%