The buyer needs CE specialist speed
Fig is cleaner where Cyber Essentials is the central requirement and the organisation wants a fast, direct path to certificate issue rather than a broader consulting catalogue.
Fig vs IT Governance. Specialist UK CE body with 6-hour turnaround, not a multi-standard consultancy.
IT Governance is a multi-standard UK consultancy covering ISO 27001, GDPR, and Cyber Essentials, with a large training arm. Fig Group is the Cyber Essentials specialist alternative - IASME-licensed, 6-hour turnaround guarantee, published pricing from £299.99 + VAT, three free re-submissions, and an integrated MSP-ready platform.
Decision table
Capability-by-capability comparison between Fig Group and IT Governance
| Capability | Fig Group | IT Governance |
|---|---|---|
| UK-resident data and support | UK-based | |
| IASME-licensed Cyber Essentials certification included | No checked public claim | |
| 6-hour Cyber Essentials turnaround guarantee | No published 6-hour SLA | |
| Multi-tenant MSP architecture | No checked public claim | |
| Governance-first control plane (policy drives evidence, not reverse) | Consultancy-led | |
| Integrated vulnerability management and EPSS/KEV prioritisation | Service-dependent | |
| Embedded cyber insurance distribution | No checked public claim | |
| Frameworks supported | 65+ incl. Cyber Essentials, ISO 27001, NIS2, SOC 2, DORA, CS&R, DCC | Broad multi-standard consulting |
| Published Cyber Essentials pricing | From £299.99 + VAT | Check supplier quote |
Buyer-fit analysis
Where Fig is the cleaner fit, and where IT Governance may be.
This page was last reviewed on 27 April 2026. We separate certificate delivery, platform fit, MSP workflow, and procurement risk so the comparison is useful rather than just a vendor scorecard.
Where Fig is the cleaner fit
An MSP needs a resale workflow
Fig is more naturally aligned to MSPs selling CE repeatedly, with multi-tenant workflow and client-facing evidence built into the platform model.
The buyer wants to avoid consultancy sprawl
If the need is CE now and governance later, Fig keeps the first transaction focused while leaving room to expand into platform workflows.
Where IT Governance may be the cleaner fit
The organisation is already buying ISO or training from IT Governance
IT Governance may be better when CE is a small part of a larger ISO 27001, GDPR, training, or policy programme already sourced from them.
The buyer wants one broad consultancy supplier
For organisations that deliberately want a multi-standard consultancy relationship, IT Governance may fit procurement better.
Claims to verify before buying
- 01Ask whether the final quote includes only certification or also pre-check, consultancy, or toolkit items.
- 02Confirm what support is included if the first submission needs correction.
- 03Compare CE Plus pathway and renewal support before choosing.
How to read this
The useful question is not which vendor is universally better.
It is which route fits the buyer's certification, data residency, MSP, and assurance requirements. Fig is strongest where Cyber Essentials certification, IASME-licensed assessment, UK support, published pricing, and MSP delivery are part of the requirement. IT Governance may still be the better choice where its existing product focus, contract position, or implementation model is already aligned to the buyer.
Step 01
Confirm what is being purchased
A formal certificate, a compliance automation platform, a consultancy engagement, or a mixture. Cyber Essentials and Cyber Essentials Plus must be delivered through an IASME-licensed certification body; generic compliance automation alone does not issue the official certificate.
Step 02
Match supplier to job
If the job is to pass Cyber Essentials quickly, the decisive evidence is IASME licence status, assessor responsiveness, price, re-submission policy, and certificate turnaround. If the job is broader governance automation, the decisive evidence is control ownership, policy workflow, evidence retention, and renewal support.
Buyer checklist
Six questions to ask both suppliers
- 01Are you IASME-licensed? If yes, ask for the licence ID. If no, the supplier cannot issue the official Cyber Essentials certificate.
- 02Is pricing published? Gated, per-certification, subscription, or consultancy-led - confirm before procurement.
- 03Are re-submissions, readiness support, and urgent turnaround included, or charged separately?
- 04For MSPs: confirm tenant isolation, white-labelling, client reporting, and the margin model.
- 05For audit: how is evidence retained, exported, and mapped to framework controls?
- 06For renewal: does the provider support next year's certificate, or only the first submission?
Official sources
Independently verify what either supplier claims
Best fit · Fig Group
Choose Fig when the requirement maps here
- Organisations where CE is the primary need, not broad consultancy.
- Tender-deadline CE.
- Buyers who want software-first delivery rather than consultancy hours.
Best fit · IT Governance
Choose IT Governance when the requirement maps here
- Buyers already engaged with IT Governance on ISO 27001 or training.
- Multi-standard enterprise engagements.
Next step
Compare on the axis that matters to you.
Cyber Essentials certification, IASME licence, 6-hour turnaround, MSP multi-tenant - Fig publishes the capability set. See pricing or talk to an assessor.