Frequently Asked Questions

iTGRC Asia is a product agnostic and independent practitioner advisory firm. iTGRC Asia practitioners leverage their wealth of enterprise experience, industry knowledge and practices, works with its business associates on the most relevant information infrastructure that run the key processes which support the business, constantly address the most crucial and trending regulatory requirements.
iTGRC Asia resonates a Responsible CREDO that openly looks after the needs and requirements for the benefit of its business associates, employees and shareholders, and those who shall receive benefits from iTGRC Asia in the humanity space. Therefore, we do not lift and shift the best practices but work hand in hand, as an extended organization to it's business associates, in accordance to their business context, organization outlook, competing priority and budget regardless of scale.
iTGRC Asia is a true practitioner firm (Click for firm brochure) which works towards helping its business associates' organizations achieve their goals by
  • developing their GRC awareness at different levels,
  • establishing policies and implementing them to protect the core information assets, internally/externally regardless of border, 
  • embedding the appropriate methodologies, processes, controls and performance measurements in respect of its business associates' needs, local or international regulatory requirements, and
  • without fail, committing to its business associates’ belief, urgency and priorities.

We focus on providing Practitioner Advice on Corporate Information and Technology Governance, Risk and Compliance up values chain.

Specifically, we advise Board/Senior Executives on the industry standard Governance methodology such as: 

through to addressing broad range of Information/Technology Risk & Security Management, and Compliance to middle managers and enterprise staff.

We provide the following standardized and bespoke awareness/training programs based on an unparalleled standards by IT Governance Ltd. 

  • CISO Overview,
  • COBIT Overview,
  • CISM Overview, 
  • Corporate Information and Technology Governance, Risk and Compliance Overview.

We specialize in Information and Technology Risk Assurance, offering;  

iTGRC Asia is a strategic partner to IT Governance Ltd. from UK. iTGRC Asia carries highly regarded and credible packages from IT Governance Ltd and deliver them to his business associates in Asia through a team of competent and experienced consultants, with strong backing from IT Governance Ltd. Thus giving business associates the assurance that products and services offered and implemented adhere to international and industries standards, and they meet the necessary regulatory requirements. 

The Cyber Essentials scheme’s five security controls provide the basic level of protection that you need and can protect it from around 80% of cyber attacks, allowing you to focus instead on your core business objectives.

By properly implementing cyber security controls, you will also drive business efficiency throughout the organisation, saving money and improving productivity. On top of that, A Cyber Essentials or Cyber Essentials Plus badge will enhance your business’s reputation and open up new commercial opportunities by proving to your customers that you take the security of their information seriously and are taking the necessary steps to reduce cyber risks.


note: IT Governance is a CREST-approved member and accredited Cyber Essentials scheme certification body. 

No. All assessments must be done independently by an external certification body as part of the certification work. 

The scans are conducted to a common standard, as mandated by CREST. This guarantees the integrity and correctness of the scans. By including the scans as part of the certification process, the application process works out to be more efficient and cost-effective. For this reason, the scans can only be provided by a CREST-accredited certification body as part of the certification work.

iTGRC Asia, in collaboration with IT Governance offers the basic ‘DIY’ package for Cyber Essentials and Cyber Essentials Plus for companies that don’t need any additional assistance or support when applying for certification. For companies that require additional assistance, we offer additional support. View our packages here.

Cyber Essentials is applicable to all organisations, of all sizes, and in all sectors. We encourage all organisations to look at the requirements and to adopt them. This is not limited to companies in the private sector, but is applicable to universities, charities, public sector and not-for-profit organisations.

Organisations that have successfully been assessed against the scheme will be able to use the appropriate Cyber Essentials badge to publicise this fact. Being able to advertise that you have met a Government approved cyber security scheme will give you an edge over competitors in the same market.

Yes. You can gain the badge in addition to other schemes. The process of meeting the requirements of other standards may have included work which meets or partially meets the Cyber Essentials Requirements. Your Certification Body will be able to advise you further. It is intended that compliance with Cyber Essentials will add value to the majority of organisations and demonstrate to customers, partners and stakeholders that you take information security seriously.

Cyber Essentials aims to describe the small number of fundamental mitigations that will stop the majority of internet based cyber-attacks to your IT system. It is important that you think about your own organisation and risk as set out in the ’10 Steps to Cyber Security guidance to determine if implementing the Cyber Essentials alone is enough for you. Many organisations will need to have in place far more controls and procedures to manage the risks they face. Cyber Essentials can be seen as a first, vital step.

Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. We believe that implementing these measures can significantly reduce an organisation's vulnerability. However, it does not offer a silver bullet to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their security strategy.

It will be more efficient to start both at the same time – iTGRC Asia, in collaboration with IT Governance can help you with an integrated approach. Depending on your current resources, time commitments and budget, you could start with the Cyber Essentials scheme, which will give you an introduction to the world of certification, and then continue to ISO 27001:2013 when you are ready.