
Management team


Alan Calder, Founder and Executive Chairman

Alan Calder is an acknowledged international cyber security guru and a leading author on information security and IT governance issues.

Alan co-wrote (with Steve Watkins) the definitive compliance guide, IT Governance: An International Guide to Data Security and ISO27001/ISO27002 (now in its sixth edition), which is the basis for the UK Open University’s postgraduate course on information security. This work draws on his experience leading the world’s first successful implementation of BS 7799 (now ISO 27001).

Alan has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He also teaches the IT Governance: Foundations and Principles course (also accredited by IBITGQ).

Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker.



Steve Watkins, Director

Steve is an executive director at IT Governance, chair of the ISO/IEC 27001 User Group and contracted technical assessor for UKAS – advising on its assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He also undertakes information security assessments of forensic science laboratories seeking accreditation to the Forensic Science Regulator’s codes of practice and conduct.

He is a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for the ISO 27000 family of standards, and chairs the UK National Standards Body’s technical committee IST/33 (Information technology – Security techniques) that mirrors it. Steve is also involved with technical committees: RM/1 (risk management) and RM/1/-/3 (responsible for BS 31111, providing guidance for boards and senior management on cyber risk and resilience); IST/060/02 (IT service management) and IDT/001/0-/04 (data protection). Steve is co-author (with Alan Calder) of the definitive compliance guide, IT Governance: An International Guide to Data Security and ISO27001/ISO27002 (now in its sixth edition).



Neil Acworth, CIO

Neil is IT Governance’s chief information officer and leads our IT team. He looks after IT Governance’s software development business, which provides internal solutions and enterprise software products. He also oversees the management of information security risk at IT Governance and ensures that we maintain compliance with the PCI DSS, ISO 27001 and ISO 9001.

Neil is responsible for improving business productivity through automation, integration and better use of software, and for managing our infrastructure and helpdesk function. He holds a BEng and MSc, as well as TOGAF certification.



Chris Hanwell, Head of Global Sales and Support

Chris manages our multi-channel e-commerce operations and international sales. He previously managed our training and operations departments, accruing a wealth of knowledge across diverse working environments. Chris understands that no two organisations are identical, each having different drivers, internal skill levels and appetites, so he aims to help our customers identify the best-fit solutions for all their governance, risk and compliance requirements.

Following an undergraduate degree in business management with the University of Nottingham, Chris worked with Siemens Communications in their operations division, and at Anglia Ruskin University Cambridge on postgraduate programme accreditation. He has also spent a great deal of time working in various roles relating to the ISO 27001 information security standard, delivering consultancy, auditing and training, and helping to develop risk assessment software.



Tony Drewitt, MBCI; Managing Director at IT Governance

Tony Drewitt has been an operational risk and business continuity management practitioner since 2001, delivering risk management and BCM systems for a wide range of organisations in the private, public and voluntary sectors.

He was one of the first BCM consultants to support a client in achieving registration under BS25999-2, the former business continuity management standard. Tony has also written two books on this standard and delivered the IT Governance BS25999 Masterclass and Foundation courses, helping a wide variety of organisations to understand the standard and develop BCM systems that meet its requirements.

More recently, Tony has worked on developing BCM systems designed to meet the requirements of the new international standard for business continuity management, ISO22301. He is the author of the books A Manager’s Guide to ISO22301, ISO22301: A Pocket Guide and Everything You Want to Know About Business Continuity.

Tony is a member of the Business Continuity Institute (MBCI) and has acted as the technical expert on BS25999 for a UKAS accredited certification body.