
Alan Calder – CEO of IT Governance

Alan Calder is an acknowledged international cybersecurity guru and a leading author on information security and IT governance issues. He is also chief executive of IT Governance Limited, the single-source provider for products and services in the IT governance, risk management, and compliance sector.


Alan wrote the definitive compliance guide, IT Governance: An International Guide to Data Security and ISO27001/ISO27002 6th edition (co-written with Steve Watkins), which is the basis for the UK Open University's postgraduate course on information security. This work draws on his experience leading the world's first successful implementation of BS7799 (now ISO27001).

Other books written by Alan include The Case for ISO27001, ISO27001 – Nine Steps to Success, Risk Assessment for Asset Owners, IT Governance: Guidelines for Directors, IT Governance: A Practitioner's Handbook, and IT Regulatory Compliance in the UK.

Alan is a frequent media commentator on information security and IT governance issues and has contributed articles and expert comment to a wide range of trade, national, and online news outlets.

Alan was previously CEO of Wide Learning, an eLearning supplier; of Focus Central London, a training and enterprise council; and of Business Link London City Partners, a government agency focused on helping growing businesses develop. He was a member of the Information Age Competitiveness Working Group of the UK Government's Department for Trade & Industry and a member of the DNV Certification Committee, which certifies compliance with international standards including ISO/IEC 27001.

Alan's previous speaking engagements include:

  • Cloud Computing and Virtualization for Public Sector & Enterprize, London (2012) – Information Assurance in the Cloud
  • Information Security Europe, London (2012) – Making Sense of Cyber Threats – Management Overview
  • CREST Ethical Security Testing Conference, London (2012) – Cyber Security – A Critical Business Risk
  • United Nations' Information Security Special Interest Group Symposium, Geneva (2011)
  • Information Security Europe (2011) – Penetration testing: is your website an open door to cybercrime?
  • IT Governance Conference, London (2010) – IT Governance – and chaired the conference
  • Privacy Laws & Business Annual Conference (2010)
  • BSI Conference, London (2010) – Information Security – also chaired the conference
  • Capita IT Governance Conference, London (2010) – IT Governance: Practitioner Perspective
  • Information Security Europe, London (2010) – Selling Information Security to the Board
  • Public Sector Forum (PSF) Event, London (2009) – Data Security – also chaired the conference
  • Expedite & Barracuda Network Event, London (2009) – Compliance and Information Security
  • SC Magazine Information Security Forum, London (2009) – Data Protection Act Compliance
  • BSI Conference, London (2009) – IT Governance
  • Institute of Directors' Event, London (2009) – The Successful Consultant
  • BSI Conference, London (2009) – Best Practice and Standards for Business Results
  • National IT and E-Security (NITES) Conference, Dublin, Ireland (2009) – Data Security
  • Athens International Forum on Information Security (AIFS) Conference, Athens (2009)
  • Public Sector Forum (PSF) Event, London (2008) – PCI DSS for Local Government – and chaired the conference
  • IACON Annual Conference, London (2008)
  • NCC IT Governance Conference, Birmingham (2007) – Strategic Regulatory Compliance
  • ISACA Conference on Information Security, Canada (2007) – Mastering ISO27001
  • Intellect Business Assurance Group (IBC) Conference (2007) – Regulatory Compliance
  • ISSA e-conference (2007) – Strategic Approach to Regulatory Compliance
  • IT Web Conference, South Africa (2006) – IT Governance
  • Information Security Conference, Dubrovnik, Croatia (2006) – Best Practice Frameworks
  • CCitDG (Charities Consortium IT Directors Group) Annual Conference (2005) – IT Governance

Steve G Watkins – Director (Training & Consultancy) at IT Governance

Steve Watkins leads the consultancy and training services of IT Governance. He is Chair of the ISO/IEC 27001 User Group, the UK Chapter of the ISMS International User Group, and an ISMS Technical Assessor for UKAS, advising on their assessments of certification bodies offering accredited certification.


Steve sits on the IST/33 committee responsible for the UK's contributions to the revisions of the ISO2700x series of standards and RM/1, the committee responsible for BS31100, the British Standard for Risk Management and the UK's contributions to ISO 31000. Steve is also co-author (with Alan Calder) of the definitive compliance guide, IT Governance: An International Guide to Data Security and ISO27001/ISO27002.

Steve's previous speaking engagements include:

  • SC IT-GRC Conference, London, UK (2012) – How Can You Ensure Effective Information Governance?
  • IT GRC Conference, Lisbon, Portugal (2012) – GRC and IA – where does IT fit in?
  • IT GRC Conference, Lisbon, Portugal (2011) – Information Security and Supply Chain Assurance
  • ISSA-UK AGM and Chapter Meeting, UK (2010) – ISO27001 Certification for SMEs: The Why, The How and the Therefores
  • Speaker at various regional meetings of the Chartered Quality Institute (2009 – current)
  • ISO27001 Goes Global Conference (2007) – Information Security Risk Assessments in the ERM context