The International Board for IT Governance Qualifications (IBITGQ) is a personnel certification body that certifies individuals in the field of IT governance. IBITGQ is dedicated to the provision of qualifications, to the experts working in the areas of information security, business resilience and IT governance.

Our aim is to assist in the development of experienced and qualified IT governance professionals by offering:

  • Accredited qualifications recognised on a global basis;
  • Guidelines for organisations that would like to offer training courses based on IBITGQ certifications;
  • Guidance on continued professional development to the experts.



Currently IBITGQ qualifications have been achieved by more than 14,000 professionals working in government and commercial organisations around the world.

GASQ is a principal certification body for IBITGQ that administers and manages exams on behalf of IBITGQ.



IBITGQ Certifications

IBITGQ portfolio currently consists of following certifications:

  • ISO 27001 Certified ISMS Foundation (CIS F)
  • ISO 27001 Certified ISMS Lead Implementer (CIS LI)
  • ISO 27001 Certified ISMS Lead Auditor (CIS LA)
  • ISO 27001 Certified ISMS Internal Auditor (CIS IA)
  • ISO 27005 Certified ISMS Risk Management (CIS RM)
  • General Data Protection Regulation Foundation (EU GDPR F)
  • General Data Protection Regulation Practitioner (EU GDPR P)
  • GDPR Data Protection Officer (C DPO)
  • Certified Introduction to Data Protection Foundation (CIDP F)
  • PCI DSS Implementation (PCI IM)
  • ISO 22301 Certified BCMS Foundation (CBC F)
  • ISO 22301 Certified BCMS Lead Implementer (CBC LI)
  • ISO 22301 Certified BCMS Lead Auditor (CBC LA)
  • Managing Cyber Security Risk (CCRMP)
  • Cyber Incident Response Management Foundation (CIRM F)
  • BS 10012 Certified PIMS Lead Implementer (C BS PIMS LI)
  • ISO 27701 Certified Personal Information Management Systems Lead Auditor (PIMS LA)
  • ISO 27701 Certified Personal Information Management Systems Lead Implementer (CPI LI)
  • Certified Cyber Security Foundation (CCS F)
  • Certified Cyber Security Practitioner (CCS P)
  • Privacy by Design Foundation (PD F)
  • Certified Privacy Essentials for Marketers Foundation (PEM F)
  • Certified California Privacy Rights Act (CPRA)

Scope of certification, certification requirements, learning objectives and other details can be found in the respective Certification Frameworks & Syllabi here.

How to obtain a certification?

IBITGQ Certifications are granted after successfully passing an IBITGQ exam.

The exam can be passed after participating in a training course as well as after preparing through self-study.

More information about the exams can be found here.

All certificates remain valid in perpetuity unless otherwise indicated in the respective Certification Framework & Syllabus.

How to apply for certification?

To apply for certification, a candidate needs to apply for a respective IBITGQ examination in one of the following ways:

  • An online examination delivered as part of an IBITGQ training course if the ATO is also approved for administering exams;
  • An online examination administered at GASQ Accredited Exam Center (also available at ATOs without prior training);
  • A remote examination here.

Training is not a prerequisite for becoming IBITGQ certified.


Where recertification for a certification is required, the criteria is explained fully in the related Certification Framework & Syllabus documents here.

Suspension and withdrawal of certification

Certification can be suspended or withdrawn if a candidate does not comply with the examination conditions or if the examination or certification was not conducted in accordance with the examination conditions. Violation of IBITGQ Code of Ethics can also result in suspension or withdrawal of certification.

Why Certify?

Qualifications that are certified by accredited and respected organizations are becoming an essential requirement of any IT governance professional. With an ever increasing demand for information security staff, employers offer enhanced career opportunities to candidates who have certified qualifications and relevant experience.

IBITGQ Code of Ethics

Before every exam, the participant needs to confirm that he/she shall comply with IBITGQ Code of Ethics. Non compliance with the provisions of IBITGQ Code of Ethics can lead to certification suspension or withdrawal.

How to verify a certification?

You can verify a certificate using a GASQ certificate checking tool here.


IT Governance Qualifications

IT governance is a key component of corporate governance and is at the heart of strategic IT management in all successful organizations. The need for a closer alliance of business objectives with IT resources, a better return on investment and the need for compliance to standards are all significant drivers to ensuring that information technology truly delivers competitive advantage. Senior managers and consultants who advise on IT governance are much in demand in organizations throughout the world.

Founded in 2011, the International Board for IT Governance Qualifications (IBITGQ) was setup to help improve and standardize the range and quality of training for IT governance professionals. The organization is a not-for profit association incorporated under German law and has been developed by a number of leading IT governance professionals and organizations.

The principal examination body for IBITGQ is GASQ.

Working closely with the Global Association for Software Quality (GASQ), the IBITGQ defines and awards qualifications built around the implementation and audit skills required for management standards that include ISO27001, ISO27005, BS25999 and ISO38500.