iTRA Fundamentals is a Subscription-based "information & technology Risk-Assurance program" for business. It is designed to assist SME or mid-sized Enterprises lay the fundamentals to protect their business and fuel the profitable growth of their products and services through minimizing information & technology risks and business impact, reduce probability of adversities, demonstrate resilience, or even turn them into opportunities.

Cyber Security Management System - CSMS-119

SME Owners - engage industry advisors to identify value-proposition before your decision on cyber-security technology or solution purchase. Leverage on your existing management systems and resources to get the best out of what is already in place. You will save on your business spending, control your budget and make a justifiable investment in protecting your business, information assets and fulfilling the regulatory requirements.

ISO27001, a.k.a. ISO/IEC 27001:2013 for Information security management systems

ISO 27001 brings to companies the management framework that helps them enhance the existing management system, professional image, market expansion by being qualified to apply for tenders and meet customer & legal requirements. Promote your business values to your clients by being Cyber-Resilient, Data Protection Ready & Regulatory Compliant (e.g. GDPR). Prepare for a seamless paradigm shift without hurting your budget but giving your business the extra miles

GDPR Self-Assurance

We map your Business and Operating Processes to information technology (IT) platform and its data flow, apply the Code of Practice and Data Protection principles to meet the GDPR requirements (a click away) that enable you and your GDPR Compliance team or project to swiftly move forward. 

Corporate Training, E-Learning and Professional Certifications

Claim your extra mileage by reducing human and process vulnerabilities through our Infor-Sec/Data Protection/Phishing & Ransomware Staff-Awareness. Let your team work on International Standards by gaining premium professional recognition with a highly Accredited Online Certificate by (IBITGQ) International Board for IT Governance Qualifications. (Accredited to ISO 17024 – the international gold standard for IT qualifications.)

Penetration Testing

Penetration testing, or ‘pen testing’, is the most effective way of demonstrating that exploitable vulnerabilities within your company’s internet-facing resources have been identified, allowing suitable patches to be applied.

What is Cyber Essentials scheme?

Cyber Essentials is a government-backed and CREST-approved Cyber Security certification scheme that sets out a good baseline of cyber security suitable for all End-User organisations across all business sectors. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of cyber attacks. Today, they are readily made available in Asia through us. Click to download CE Flyer


COBIT, eSsentials  - Don't leave home without it. The business orientation of COBIT consists of linking Business goals to IT Goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners. Before hitting the 'View more' button,  Click here for an appetizer.


iTGRC Asia, a Singapore incorporated company, provides Advisory, Consulting and Training services on
Corporate Governance, Risk Management, and Compliance.

Find out more

Our Services

iTGRC Asia, assists enterprises to improve their overall Risk Stature through customized GRC Advisory,
Consultancy and Training services.

iTGRC, Enterprise Risk Management - Assessment, Audit and Assurance

Tendering for a government contract or undergoing an annual review by regulatory bodies? Internal IT Audit/Penetration Testing is an essential part of the business today that ensures a trustworthy computing environment with secured information that your business can rely on with a peace of mind
Find out more

iTGRC, Regulatory Compliance Assurance

Is meeting regulations and ever growing compliance requirements proving a challenge? Think of Risk, Compliance and Privacy by Design.

Find out more

iTGRC, Information Security Certification

Demonstrate to clients, insurers, investors and other relevant parties that you have taken the precautions necessary to reduce cyber risks. Be able to bid for government contracts that involve the handling of personal and sensitive information; such as DPA.
Find out more

iTGRC - Corporate Staff Awareness and Professional Training

Your Staff Awareness and focused End-User training on Information Security/ISO27001/PCI-DSS/Data Protection Act/GDPR [EU Data-Protection]/Phishing & Ransomware, Professional & Executive Courses for CISOs/Governance, Information Risk and Security Management professional, help a speedy adoption while staying abreast of the prevailing laws, regulation, guidelines; such as Sarbanes Oxley 2017, FDA... 

Find out more


Keeping businesses safe online

SMEs are encouraged to begin protection, starting with their existing business management systems.

Read more
January 2, 2018 BY iTGRC Asia, courtesy of STAR


iTGRC Asia at BERNAMA News Malaysia DEC 2017

Creating a Information/Cyber-Security Culture


Read more
December 12, 2017 BY iTGRC Asia, courtesy of BERNAMA Malaysia

Our Strategic Partners & Alliances

Frequently Asked Questions

iTGRC Asia is a product agnostic and independent practitioner advisory firm. iTGRC Asia practitioners leverage their wealth of enterprise experience, industry knowledge and practices, works with its business associates on the most relevant information infrastructure that run the key processes which support the business, constantly address the most crucial and trending regulatory requirements.
iTGRC Asia resonates a Responsible CREDO that openly looks after the needs and requirements for the benefit of its business associates, employees and shareholders, and those who shall receive benefits from iTGRC Asia in the humanity space. Therefore, we do not lift and shift the best practices but work hand in hand, as an extended organization to it's business associates, in accordance to their business context, organization outlook, competing priority and budget regardless of scale.
iTGRC Asia is a true practitioner firm (Click for firm brochure) which works towards helping its business associates' organizations achieve their goals by
  • developing their GRC awareness at different levels,
  • establishing policies and implementing them to protect the core information assets, internally/externally regardless of border, 
  • embedding the appropriate methodologies, processes, controls and performance measurements in respect of its business associates' needs, local or international regulatory requirements, and
  • without fail, committing to its business associates’ belief, urgency and priorities.

We focus on providing Practitioner Advice on Corporate Information and Technology Governance, Risk and Compliance up values chain.

Specifically, we advise Board/Senior Executives on the industry standard Governance methodology such as: 

through to addressing broad range of Information/Technology Risk & Security Management, and Compliance to middle managers and enterprise staff.

We provide the following standardized and bespoke awareness/training programs based on an unparalleled standards by IT Governance Ltd. 

  • CISO Overview,
  • COBIT Overview,
  • CISM Overview, 
  • Corporate Information and Technology Governance, Risk and Compliance Overview.

We specialize in Information and Technology Risk Assurance, offering;  

iTGRC Asia is a strategic partner to IT Governance Ltd. from UK. iTGRC Asia carries highly regarded and credible packages from IT Governance Ltd and deliver them to his business associates in Asia through a team of competent and experienced consultants, with strong backing from IT Governance Ltd. Thus giving business associates the assurance that products and services offered and implemented adhere to international and industries standards, and they meet the necessary regulatory requirements. 

The Cyber Essentials scheme’s five security controls provide the basic level of protection that you need and can protect it from around 80% of cyber attacks, allowing you to focus instead on your core business objectives.

By properly implementing cyber security controls, you will also drive business efficiency throughout the organisation, saving money and improving productivity. On top of that, A Cyber Essentials or Cyber Essentials Plus badge will enhance your business’s reputation and open up new commercial opportunities by proving to your customers that you take the security of their information seriously and are taking the necessary steps to reduce cyber risks.


note: IT Governance is a CREST-approved member and accredited Cyber Essentials scheme certification body. 

No. All assessments must be done independently by an external certification body as part of the certification work. 

The scans are conducted to a common standard, as mandated by CREST. This guarantees the integrity and correctness of the scans. By including the scans as part of the certification process, the application process works out to be more efficient and cost-effective. For this reason, the scans can only be provided by a CREST-accredited certification body as part of the certification work.

iTGRC Asia, in collaboration with IT Governance offers the basic ‘DIY’ package for Cyber Essentials and Cyber Essentials Plus for companies that don’t need any additional assistance or support when applying for certification. For companies that require additional assistance, we offer additional support. View our packages here.

Cyber Essentials is applicable to all organisations, of all sizes, and in all sectors. We encourage all organisations to look at the requirements and to adopt them. This is not limited to companies in the private sector, but is applicable to universities, charities, public sector and not-for-profit organisations.

Organisations that have successfully been assessed against the scheme will be able to use the appropriate Cyber Essentials badge to publicise this fact. Being able to advertise that you have met a Government approved cyber security scheme will give you an edge over competitors in the same market.

Yes. You can gain the badge in addition to other schemes. The process of meeting the requirements of other standards may have included work which meets or partially meets the Cyber Essentials Requirements. Your Certification Body will be able to advise you further. It is intended that compliance with Cyber Essentials will add value to the majority of organisations and demonstrate to customers, partners and stakeholders that you take information security seriously.

Cyber Essentials aims to describe the small number of fundamental mitigations that will stop the majority of internet based cyber-attacks to your IT system. It is important that you think about your own organisation and risk as set out in the ’10 Steps to Cyber Security guidance to determine if implementing the Cyber Essentials alone is enough for you. Many organisations will need to have in place far more controls and procedures to manage the risks they face. Cyber Essentials can be seen as a first, vital step.

Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. We believe that implementing these measures can significantly reduce an organisation's vulnerability. However, it does not offer a silver bullet to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their security strategy.

It will be more efficient to start both at the same time – iTGRC Asia, in collaboration with IT Governance can help you with an integrated approach. Depending on your current resources, time commitments and budget, you could start with the Cyber Essentials scheme, which will give you an introduction to the world of certification, and then continue to ISO 27001:2013 when you are ready.

Contact Us

iTGRC Asia Pte Ltd

Regus JTC Summit
8 Jurong Town Hall Road, Level #24-05, Singapore 609434

+65 6818 0839


+65 6818 0801

By submitting your information to iTGRC Asia Pte Ltd, you have agreed to our Privacy Statement