IBITGQ (International Board for IT Governance Qualifications) is a personnel certification body dedicated to the training, certification, and development of qualifications for people. IBITGQ focuses on the continued professional development of people in the fields of IT governance, risk management, compliance, data protection and cyber security.

With its qualifications regarded as the ‘Practitioner’s Certification’, IBITGQ aims to create a safer and more sustainable business environment by offering the following:

  • Internationally recognized and accredited certification schemes that have been developed by industry leaders.
  • Accreditation of training organizations to ensure effective training is delivered.
  • A range of certifications from foundational to advanced levels.
  • Implementation of theoretical and practical pathways, providing professionals with the applicable knowledge to face real-world situations.
  • Dynamic processes that allow for re-engineering and development of certification schemes.
  • Valuable existing and prospective partnerships with leading training organizations.



IBITGQ continues to develop and execute industry-leading qualifications, educating people, and building resilient organizations and safer and compliant environments. Currently IBITGQ qualifications have been achieved by more than 14,000 professionals working in government and commercial organizations around the world.

GASQ is a principal certification body for IBITGQ that administers and manages exams on behalf of IBITGQ.


How to Apply for an IBITGQ Certification

To apply for IBITGQ certification, you have several flexible exam options:

  • Online exam integrated with an IBITGQ training course:This is a convenient choice if you want both preparation and exam administration in one package. Make sure to choose a training provider that is also approved to administer exams.
  • Online exam at a GASQ Accredited Exam Centre:This is ideal if you prefer a dedicated testing environment or if you've prepared independently. Some training providers also offer this option, allowing you to combine training with a proctored exam if desired.
  • Remote examination:This offers maximum flexibility, allowing you to take the exam from the comfort of your location. Find more details and system requirements here https://www.gasq.org/en/certification/remote.html

Important: IBITGQ certification does not require you to complete a training course. If you are well-versed in the subject matter, you can choose the exam option that best suits your needs and preferences.


How to Obtain IBITGQ Certification

Complete the required IBITGQ exam. IBITGQ certifications demonstrate your expertise in specific areas of IT governance.

Prepare for the exam:

  • Formal Training:Consider an IBITGQ-accredited training course for structured guidance and preparation.
  • Self-Study:If you possess strong prior knowledge, you may prepare independently using official IBITGQ resources.
  • Find exam details: Visit the IBITGQ website [ibitgq.org] for information on specific exam formats, registration processes, and any associated fees.

Important Note: IBITGQ certifications typically maintain their validity in perpetuity. However, it is recommended to refer to the specific Certification Framework & Syllabus for any potential exceptions.

Structured Learning Path – The Development of Expert Level

A key element of the work of our Sub Committees has been the development of a training program with a structured learning path from Foundation to Advanced level. We are planning to extend this program to include an Expert level designed to further enhance the knowledge and skills of more experienced IT governance professionals. To broaden the scope of this certification, the IBITGQ is currently exploring the possibility that qualification at the Expert level may also include certifications awarded by other Exam Bodies.

Membership Application

We welcome applications from qualified individuals and organizations (commercial or non-profit) who would like to contribute to setting the standards and qualifications of IT governance professionals of the future.

If you or your organization would like to become a member of the IBITGQ, please apply in writing us an e-mail.


Upholding Our Standards

IBITGQ takes any violation of the Code of Ethics very seriously. Breaches may result in disciplinary action, up to and including the suspension or revocation of certification.

To access the complete IBITGQ Code of Ethics, please visit our website https://www.ibitgq.org/about-us/code-of-ethics

How to verify a certification?

You can verify a certificate using a GASQ certificate checking tool here.



IBITGQ Certifications: A Comprehensive Portfolio

IBITGQ offers a wide range of internationally recognized certifications to help IT governance professionals advance their careers and demonstrate their expertise. Our portfolio includes:

  • Information Security Management Systems (ISMS)

    • ISO 27001 Certified ISMS Foundation (CIS F)
    • ISO 27001 Certified ISMS Lead Implementer (CIS LI)
    • ISO 27001 Certified ISMS Lead Auditor (CIS LA)
    • ISO 27001 Certified ISMS Internal Auditor (CIS IA)
    • ISO 27001 Certified ISMS Transition (CIS TN)
    • ISO 27005 Certified ISMS Risk Management (CIS RM)


  • Data Protection

    • General Data Protection Regulation Foundation (EU GDPR F)
    • General Data Protection Regulation Practitioner (EU GDPR P)
    • GDPR Data Protection Officer (C DPO)
    • Certified Introduction to Data Protection Foundation (CIDP F)
    • Certified California Privacy Rights Act (CPRA)


  • Digital Operational Resilience Act (DORA)

    • Certified DORA Foundation (C DORA F)
    • Certified DORA Practitioner (C DORA P)
    • Certified DORA Lead Auditor (C DORA LA)
    • Certified DORA Compliance Officer (C DORA CO)
    • Certified DORA Risk Director (C DORA RD)


  • Business Continuity Management Systems (BCMS)

    • ISO 22301 Certified BCMS Foundation (CBC F)
    • ISO 22301 Certified BCMS Lead Implementer (CBC LI)
    • ISO 22301 Certified BCMS Lead Auditor (CBC LA)


  • Other Specializations

    • PCI DSS Implementation (PCI IM)
    • Managing Cyber Security Risk (CCRMP)
    • Cyber Incident Response Management Foundation (CIRM F)
    • BS 10012 Certified PIMS Lead Implementer (C BS PIMS LI)
    • ISO 27701 Certified Personal Information Management Systems Lead Auditor (PIMS LA)
    • ISO 27701 Certified Personal Information Management Systems Lead Implementer (CPI LI)
    • Certified Cyber Security Foundation (CCS F)
    • Certified Cyber Security Practitioner (CCS P)
    • Privacy by Design Foundation (PD F)
    • Certified Privacy Essentials for Marketers Foundation (PEM F)


For detailed information on the scope of certification, certification requirements, learning objectives, and other relevant details, please contact our service centre at servicecentre@ibitgq.org


Most IBITGQ certifications do not require recertification. However, please consult an IBITGQ representative for specific certification renewal requirements. Email servicecentre@ibitgq.org.

Suspension and withdrawal of certification

Certification may be suspended or withdrawn due to:

  • Non-compliance with examination conditions.
  • Violations of the IBITGQ Code of Ethics.
  • Any actions that compromise the integrity of the examination or certification process.

Why Certify?

  • Stand out in a competitive market: Accredited certifications demonstrate your commitment to IT governance best practices, giving you an edge in a demanding job market. They signal to employers that you possess the knowledge and skills to align IT initiatives with organizational goals.
  • Unlock career advancement: Employers recognize the value of certified professionals, often leading to expanded responsibilities, promotions, and increased earning potential. Certification can open doors to leadership roles and specialized positions within IT governance.
  • Validate your expertise: Certifications provide independent validation of your IT governance knowledge and skills, boosting your credibility within the industry. This recognition can be invaluable when seeking new opportunities or negotiating your compensation.
  • Demonstrate continuous learning: Earning a certification shows a dedication to professional development and staying current with evolving IT governance standards. This commitment to lifelong learning is highly valued by employers.

IBITGQ Code of Ethics: A Commitment to Excellence

The IBITGQ Code of Ethics serves as the cornerstone of professionalism and integrity within our certification programs. It establishes clear expectations for IBITGQ employees, experts, certified individuals, and all associated stakeholders.

Guiding Principles for Everyone:

  • Impartiality: IBITGQ operates with absolute objectivity, ensuring that certifications are awarded solely based on merit. All processes are designed to eliminate bias, favoritism, or external pressure that could compromise the certification process.
  • Confidentiality: The protection of exam content, candidate information, and other sensitive data is paramount. IBITGQ has strict protocols and agreements in place to safeguard the integrity and value of our certifications.


Responsibilities of Certified Professionals:

IBITGQ certifications represent a commitment to ethical conduct and ongoing professional development. Certified professionals are expected to:

  • Uphold Exam Integrity: Abide by all examination rules and procedures. Report any suspected misconduct to preserve the fairness of the certification process.
  • Protect Sensitive Information: Maintain strict confidentiality regarding exam content, protecting the value of the certification for all who earn it.
  • Demonstrate Professionalism: Execute professional responsibilities with competence, fairness, honesty, and respect for all parties involved.
  • Engage in Continuous Learning: Actively seek to expand knowledge and skills within their area of expertise, ensuring their work remains aligned with current best practices.
  • Act as IBITGQ Ambassadors: Conduct themselves in a manner that reflects positively on IBITGQ and the broader IT governance community.


IBITGQ Certifications: Validate Your IT Governance Skills

Information Security Management Systems (ISMS)

  • ISO 27001 Certified ISMS Foundation (CIS F): Understand ISO 27001 fundamentals for information security management. Intended for: New ISMS professionals.
  • ISO 27001 Certified ISMS Lead Implementer (CIS LI): Learn how to plan, design, and implement an ISO 27001-compliant ISMS. Intended for: ISMS project leaders.
  • ISO 27001 Certified ISMS Lead Auditor (CIS LA): Master the auditing of ISMS against ISO 27001 requirements. Intended for: Formal auditors.
  • ISO 27001 Certified ISMS Internal Auditor (CIS IA): Conduct effective internal ISMS audits. Intended for: In-house ISMS maintenance.
  • ISO 27001 Certified ISMS Transition (CIS TN): Learn to transition from ISO 27001:2013 to ISO 27001:2022 for continued compliance. Intended for: Professionals with existing ISO 27001:2013 Lead Implementer or Auditor certifications.

Data Protection

  • General Data Protection Regulation Foundation (EU GDPR F): Gain essential GDPR knowledge and compliance understanding. Intended for: GDPR beginners.
  • General Data Protection Regulation Practitioner (EU GDPR P): Focus on GDPR's practical application, including data mapping and breach response. Intended for: GDPR compliance professionals.
  • Certified Data Protection Officer (C DPO): Specialize in the DPO role, with in-depth knowledge of GDPR compliance. Intended for: Current or aspiring DPOs.

Digital Operational Resilience Act (DORA)

  • Certified DORA Foundation (C DORA F): Introduction to DORA concepts for financial institutions. Intended for: Financial sector professionals.
  • Certified DORA Practitioner (C DORA P): Focus on implementing DORA requirements, risk assessments, and testing. Intended for: DORA compliance specialists.
  • Certified DORA Lead Auditor (C DORA LA): Specializes in auditing for DORA compliance. Intended for: Senior financial sector professionals.
  • Certified DORA Compliance Officer (C DORA CO): Focus on strategic DORA compliance, overseeing risk management, governance, and reporting. Intended for: Senior financial sector professionals.
  • Certified DORA Risk Director (C DORA RD): Specializes in risk management within DORA, developing strategies for identifying, assessing, and mitigating ICT risks. Intended for: Senior financial sector professionals.

The Critical Role of IT Governance Qualifications

IT governance, a fundamental component of corporate governance, ensures the strategic alignment of IT resources with organizational goals. This alignment is vital for optimizing return on investment, complying with relevant standards, and maintaining a competitive edge. Consequently, the global demand for highly skilled IT governance professionals and consultants continues to grow.

IBITGQ: Setting the Standard for IT Governance Excellence

Established in 2011, the International Board for IT Governance Qualifications (IBITGQ) is a non-profit association committed to improving the quality and consistency of IT governance training on an international scale. Developed in collaboration with leading IT governance experts, IBITGQ works alongside the Global Association for Software Quality (GASQ) to define and award globally recognized qualifications. GASQ acts as the primary examination body for IBITGQ.

Focus of IBITGQ Certifications

IBITGQ certifications emphasize the practical implementation and auditing skills required to uphold essential management standards and regulatory frameworks, including:

  • ISO 27001 (Information Security Management)
  • ISO 27005 (Information Security Risk Management)
  • ISO 22301 (Business Continuity Management)
  • ISO 27701 (Privacy Information Management)
  • GDPR (General Data Protection Regulation)
  • DORA (Digital Operational Resilience Act)