Management team

Alan Calder is an acknowledged international cyber security guru and a leading author on information security and IT governance issues.

Alan founded IT Governance in 2002. He has written more than 20 books on cyber security , most recently revising Nine Steps to Success: An ISO 27001 Implementation Overview as well as tackling the GDPR with EU General Data Protection Regulation (GDPR) – An Implementation and Compliance Guide and EU GDPR: A Pocket Guide. Alan’s work draws on his experience leading the world’s first successful implementation of BS 7799 (now ISO 27001), and is also the basis for the UK Open University’s postgraduate course on information security.

Alan has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications).

Alan has consulted for clients in the UK and abroad, on cyber security and data governance, and is a regular media commentator and speaker.

Steve Watkins is a director at IT Governance. As well as being a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for the ISO 27000 family of standards, he holds a number of high-profile roles in the world of cyber security standards and certification, including chair of the UK ISO 27001 User Group and technical assessor for UKAS: conducting assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He also undertakes information security assessments of forensic science laboratories seeking accreditation to the Forensic Science Regulator’s Code of Practice and Conduct, and is chair of the UK National Standards Body’s technical committee IST/33 (Information technology – Security techniques) that mirrors SC 27.

Steve is also involved with the UK standards technical committees RM/1 (risk management) and RM/1/-/3 (responsible for BS 31111, providing guidance for boards and senior management on cyber risk and resilience), IST/060/02 (IT service management) and IDT/001/0-/04 (data protection).

Steve is co-author (with Alan Calder) of the definitive compliance guide, IT Governance: An International Guide to Data Security and ISO 27001/ISO 27002 (now in its seventh edition), in addition to other publications.