Consultancy for Small Businesses


According to analysis from the Federation of Small Businesses (Cyber Resilience: How to Protect Small Firms in the Digital Economy), small firms in the UK collectively fall victim to cyber crime 7 million times per year, at a cost to the economy of around £5.26 billion.

However, many small businesses underestimate the extent of the cyber security threats they face and lack the resources to address them.

At IT Governance, we’re clear that best-practice cyber security needn’t be beyond the reach of any organisation.

We’ve worked with hundreds of small businesses and know that you need to establish strong foundations that will continue to serve your business as it grows.

We also appreciate that your time and resources are limited and you need to focus on your core operations, so we provide all that you need to become cyber secure.

We have a complete set of products and services, including information and advice, books and tools, consultancy and technical services, and training and staff awareness for IT governance, risk management, compliance and IT security.

This means you can get everything for your project in one place.

Our flexible and cost-effective delivery options mean that, whatever your available resources, knowledge, preferred project approach or budget, we can provide a solution that will make the most of your assets.


For more information, or to speak to a member of our team about how IT Governance can help your project, email or call 00 800 48 484 484.


Services include:


Cyber Essentials consultancy

The government’s Cyber Essentials scheme was created to help businesses in the UK establish a baseline of cyber security that would mitigate around 80% of the most common cyber attacks.

IT Governance is a certification body for the scheme. Our fixed-price Cyber Essentials packages can help you achieve certification to either Cyber Essentials or Cyber Essentials Plus at a pace and for a budget that suits you.

  • The Cyber Essentials Get A Lot Of Help certification package includes a full-day, on-site consultancy service, the Cyber Essentials Documentation Toolkit, Cyber Essentials certification and the required CREST-approved vulnerability scans, all of which will help you to achieve Cyber Essentials certification at the first attempt.

  • The Cyber Essentials Plus Get A Lot Of Help certification package includes a full-day, on-site consultancy service, the Cyber Essentials Documentation Toolkit and Cyber Essentials Plus certification, in addition to the required tests and scans, all aimed at helping you meet the requirements of the scheme and successfully achieve certification to Cyber Essentials Plus.

All Cyber Essentials certifications are managed through our CyberComply online portal. This is a unique online service that enables companies to follow a convenient do-it-yourself approach, including managing and tracking the certification process.




IT Governance’s FastTrack™ consultancy packages guarantee fixed-price certification to international standards within a set timeframe for smaller organisations based at a single location.

To find out more about our FastTrack™ packages, visit our dedicated FastTrack™ page.


Public-sector consultancy

Whether you are a public-sector organisation or a private-sector business that works with the public sector, you will have a number of regulatory and compliance obligations to fulfil, such as CESG’s new Certified Cyber Security Consultancy (CCSC) scheme, the MOD’s Defence Procurement Partnership, the Gambling Commission’s Remote gambling and software technical standards (RTS), the government’s Security Policy Framework, the G-Cloud framework, and the NHS IG Toolkit.



PCI DSS consultancy

If your organisation is a merchant or service provider that handles payment card data, it must comply with the PCI DSS (Payment Card Industry Data Security Standard).

Even if you outsource card processing activities to a third party, you’re responsible for ensuring all contracted parties comply with the Standard.

Whether you need help reducing your cardholder data environment (CDE) or completing a self-assessment questionnaire (SAQ), or your increased transaction volumes have seen you move up a level and you now need a QSA-led report on compliance (RoC), our QSAs and PCI DSS experts can help you find the right way forward.


SOC audits based on ISAE 3402 and SSAE 16

A SOC audit is often a prerequisite for service organisations to partner with or provide services to tier-one organisations in the supply chain.

SSAE 16 and ISAE 3402 are independent, industry-recognised, third-party assurance standards that are used to audit service organisations, such as outsourced hosting providers and Cloud service providers. Many organisations that have undergone a SAS 70 in the past will now require a SOC 2 report.

IT Governance can assist with the full SOC process, from conducting a readiness assessment and applying the necessary remedial measures, through to testing and reporting, by virtue of its partnership with a leading PCAOB-registered CPA firm.


For more information about IT Governance’s other consultancy services, please visit our consultancy homepage.

