IT Governance Limited was incorporated in 2002 with Alan Calder as the sole shareholder, and commenced trading online in 2005, when Alan began publishing and selling books written by himself and others, as well as selling documentation toolkits on information security.
Over the next three years, Alan Calder worked part time for IT Governance and delivered the first training course in Pakistan in February 2007, as well as undertaking a limited amount of consultancy from April 2007 onwards. In 2008 Alan Calder started working full time at IT Governance as executive chairman, and shortly thereafter, IT Governance began to provide public training courses on information security management. As demand for training and consultancy services grew, Steve Watkins joined as a full time employee later in 2008.
The company's early days were defined by the demand for expertise in implementing information security management systems (ISMS) – which was still a relatively new field in 2005. In fact, Alan and his fellow director, Steve Watkins, were the first people in the UK to successfully implement an ISMS compliant with BS 7799 (the precursor to ISO 27001).
Based on their experience, Alan Calder and Steve Watkins co-wrote and published IT Governance: An International Guide to Data Security and ISO27001/ISO27002 (now in its sixth edition), the definitive compliance guide to the ISO 27001 standard. Today, this book is the basis for the Open University's postgraduate course on information security.
As a consequence of the success of the public training courses the Group was approached by a number of organisations whose employees had attended the training courses to provide guidance and support in implementing the procedures to properly manage their information security. This resulted in the Group setting up a separate consulting division.
The establishment of the Consulting Division resulted in the Group starting a “penetration testing” service in 2010 to test the operation of companies’ data protection and cyber security processes and a software division to develop software to help organisations assess risks to their information and to select appropriate controls in order to reduce those risks.
As a consequence of many of its products and services being purchased online, the Group has for many years serviced a diverse and international customer base. In the year ended 31 March 2017, 18 per cent. of Group revenues were to customers outside the UK. In September 2016 the Group incorporated a subsidiary in Eire (IT Governance Europe Limited), which commenced trading in April 2017, and the Group is in the process of setting up a subsidiary in the USA.
A number of the Group’s products and services have now been translated from English into German, French, Spanish and Italian.
IT Governance was until 2018, the main trading company in the Group. In 2018, following a Group re-organisation a new company, GRC International group plc, became the holding company for the Group.