Calder says: “The Sony breach should serve as a warning, to every company and organisation, of the dangers of cyber crime.

“The ISO27001 security management standard is international best practice for any organisation seeking a structured framework to address cyber risks. Enlightened organisations will want to know their supply chain and other business partners are resilient against attack, and many companies will insist ISO27001 is both implemented and independently verified before entering into contracts with partners.

“Nobody should delay in implementing an IT security improvement programme. The cost of complacency can be enormous, not only financially but also in terms of long-term brand and reputational damage. The threats are very real – and if you are not properly prepared, you could be tomorrow’s victim.”

By way of a short bio, Alan Calder is a leading author on information security and IT governance issues. Alan is an authority on ISO27001 (formerly BS7799), the international security standard, about which he wrote the definitive compliance guide, ‘IT Governance: A Manager’s Guide to Data Security and ISO27001/ISO27002’. This work is the basis for the UK Open University’s postgraduate course on information security.

Werner Henschelchen, General Manager of gasq, says: ‘There are a number of training organisations across Europe which are interested in delivering accredited training courses around information security management, business resilience and IT governance. The new IBITGQ framework will define structured learning paths from foundation courses through to advanced and expert-level qualifications. Qualifications will initially be built around the implementation and audit skills required for best-practice management standards, such as ISO/IEC 27001, ISO/IEC 27005, BS25999 and ISO/IEC 38500.’

IBITGQ will develop and publish syllabuses for each of the qualifications that it establishes, as it establishes them, and these syllabuses will be freely available from the IBITGQ website, www.ibitgq.org, which is currently under development and will be launched within the next two weeks.

‘Open examinations for all IBITGQ courses will be available online through gasq and at the end of accredited training courses, through accredited exam centres. We have already accredited IT Governance Ltd for the delivery of training leading to the first two IBITGQ certifications’, adds Werner Henschelchen.

Alan Calder, Chief Executive of IT Governance, says: ‘It’s hard to assess the relative quality and value of many training courses without standardised testing and external accreditation by established examination bodies. IT governance, information security and business resilience are increasingly important to organisations worldwide. We believe that a formal qualification scheme will provide a framework for professionals within the industry to develop the range of interconnected skills that employers will need in the years ahead.’

IBITGQ, an association working non-for-profit incorporated under German law, draws initially on gasq’s international expertise in the accreditation of training providers, provision of examinations and certification of personnel, and the well-regarded IT governance, information security and compliance training expertise of IT Governance Ltd. IBITGQ is actively recruiting additional board members from the industry and will be developing relationships with relevant industry bodies in the UK, across Europe and in North America.

Those training organisations that wish to deliver IBITGQ-accredited training courses will be able to use the published syllabuses and range of supporting materials to develop their own capability to the point that they and their courses can be accredited. There will also be a range of supporting manuals, training and examination guides, and approved courseware to simplify the route to accreditation for training organisations and to help candidates prepare for the examinations. Everything that a training organisation might need in order to prepare for accreditation, and more, will be available from the IBITGQ website.

The first two IBITGQ-accredited courses are the Certified ISMS ISO27001 Lead Implementer and the Certified ISMS ISO27001 Lead Auditor courses. The first ATO delivering these courses is IT Governance Ltd, and the first courses will take place in London in May.

‘Continuing professional development is critical for IT governance, information security and business resilience professionals today’, adds Werner Henschelchen, ‘and, for this reason, we will be working with IT Governance and members of the IBITGQ board to develop a CPD scheme that will ensure that employers continue to value the IBITGQ range of certifications. All members of the broad IT governance industry are welcome to join IBITGQ, which can be done (for a small annual fee) by going to the association’s website when it is launched.’

ITG’s selection for the role recognises and confirms the company’s unique position as an independent supplier of quality information, advice, books, tools, training and consultancy to the IT best practice world.

TickITplus is evolving from the existing TickIT scheme, aimed at improving the quality of software. The goal is to help software suppliers, including in-house developers, define and implement a quality system that covers all the essential business processes in the product lifecycle, within the framework of the quality management systems standard ISO9001. Launch of the TickITplus scheme is scheduled for early 2011.

IT Governance is developing a new TickITplus website to offer comprehensive information, news, advice and guidance, alongside an e-commerce service selling all the official TickITplus titles and tools. The site will also provide contact details for accredited TickITplus training providers, training courses, practitioners and consultants, as well as holding a database of certified organisations.

Alan Calder, Chief Executive of IT Governance, says: ‘We’re the ideal partner for this type of IT best practice project, running third-party websites that depend on knowledgeable customer service. We offer proven logistical and e-commerce expertise and we are an established, authorised reseller of British Standards Institution (BSI) books and standards. We have equally well-established distribution arrangements with every relevant book publisher and training provider. Furthermore, our customer sales and service team is renowned for helping customers find appropriate books, tools, training and consultants. Last but not least, we are compliant with the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the international information security standard ISO/IEC 27001.

‘We will be completely revamping the existing TickITplus website to reflect the evolving nature of the scheme.’

ITG is also taking over management of the existing TickIT website.

In future, news and information about the TickITplus scheme will be published on the new website at: www.tickitplus.org. Further announcements about the roll-out of the scheme are expected soon.

Running until Christmas, the sale includes discount prices on an extensive range of IT Infrastructure Library (ITIL®) service management titles, PRINCE2® (PRojects IN Controlled Environments) project management books and examination guides.

Alan Calder, Chief Executive of IT Governance, says: ‘Even at the best of times, companies have to compete fiercely to survive and thrive. In the current economic climate, and in the tough times we know will be ahead, this challenge becomes even harder. Businesses become more vulnerable. IT service and project failures can destroy a company’s value fast.

‘Conversely, however, effective technology investment and implementation boosts a company’s chances of sustained success. Deployment of the best practice principles of ITIL and PRINCE2 dramatically increases a company’s resilience.

‘To achieve best practice, though, you need access to top-quality guidance from books that are not always available at budget-friendly prices. That’s why we’re slashing our prices until Christmas. We want to ensure ITIL and PRINCE2 best practice is available to, and affordable for, every organisation. Furthermore, we want to use this sale to showcase ITG’s improved fulfilment service and our reduced UK shipping costs.

‘If companies act now, they can find unbeatable prices en route to service and project management excellence in 2011.’

The complete ITG Autumn Sale range can be found at: http://www.itgovernance.co.uk.

BS10012 is the British standard that specifies the requirements for a personal information management system (PIMS). By defining a best practice approach for managing personal information, the standard makes it possible for management and external auditors to assess an organisation’s compliance with, among other things, the requirements of the DPA. BS10012 is intended for use by organisations of all sizes in the public, private and not-for-profit sectors.

IT Governance’s DPA Compliance with BS10012 Documentation Toolkit includes step-by-step guidance on establishing a BS10012 PIMS and provides a complete set of the necessary documentation, from a Fair Processing Notice through to a procedure for handling Subject Access Requests. The toolkit also shows how to integrate a BS10012 PIMS with an ISO27001 information security management system.

Alan Calder, Chief Executive of IT Governance, says: “The Data Protection Act sets out eight principles for securely managing personal information, but offers no guidance on how these principles should be adhered to. It can therefore be very difficult for management to know if it is doing the right thing, which is worrying when non-compliant organisations can suffer heavy fines and reputational damage.

“BS10012 therefore comes as a welcome relief, as it sets out an approach to DPA compliance that is clear and can be independently tested,” Calder continues. “With the Information Commissioner increasingly keen to punish DPA compliance offenders, there is no time to waste. That is why the DPA Compliance with BS10012 Toolkit contains everything an organisation needs to implement this standard without delay.”

The DPA Compliance with BS10012 Documentation Toolkit is priced at £249.95/US$373.02/€274.90 and may be ordered for immediate download at: http://www.itgovernance.co.uk/products/2975.