IT Governance Limited is the single-source provider for books, tools, training and consultancy focused on information technology governance, risk management and compliance (IT-GRC). We provide expert information and guidance on many of today’s most critical GRC issues, such as information security (including ISO 27001, ISO 27002, DPA and PCI DSS), IT governance (including CobiT®, ITIL® and ISO/IEC 20000), business continuity (including ISO 22301) and project governance (PRINCE2).

IT Governance’s policy is to offer only the very best GRC products available on the market. These include our own proprietary books, toolkits, software and services, and an extensive range of other books and resources published by many of the world’s most respected authors and organisations. Our objective is to provide in a single place everything needed to meet today’s technology compliance challenges: the most authoritative and helpful books; the most intuitive specialist toolkits and software; access to best practice training workshops and courses, both our own and third party; and specialist consultancy services grounded in our deep understanding of the subject area.

IS Policy & Procedures

There is no rule for the type or number of volunteer policies and procedures you need in your organisation. And you certainly don't want to generate paperwork or processes just for the sake of it. Your organisation might have one overarching general volunteer policy, or a number of separate policies for different aspects of your volunteering program. Either way, they need to reflect the particular values of your organisation and outline how you involve and support your volunteers. You may also have specific aspects of your own volunteering program that you want to cover in a policy.

Know More


Being security aware means you understand that there is the potential for some people to deliberately or accidentally steal, damage, or misuse the data that is stored within a company's computer systems and throughout its organization. Therefore, it would be prudent to support the assets of the institution (information, physical, and personal) by trying to stop that from happening.
According to the European Network and Information Security Agency, 'Awareness of the risks and available safeguards is the first line of defence for the security of information systems and networks.'

'The focus of Security Awareness consultancy should be to achieve a long term shift in the attitude of employees towards security, whilst promoting a cultural and behavioural change within an organisation. Security policies should be viewed as key enablers for the organisation, not as a series of rules restricting the efficient working of your business.'

Know More


The methodology for developing IT strategy was derived in a specific context, and aimed at addressing the practical need to establish a working set of IT strategy documents at a large South African research university. The resulting strategy aims to guide IT governance, enterprise architecture and the targeted application of IT resources. Neither the methodology nor the resulting strategy attempts to be comprehensive or academic in any sense, but illustrates what was possible and practical at a specific institution with a specific culture, style of management and a sufficient level of IT organisational acceptance.

Know More