Two words that strike a combination of fear and disinterest into the hearts of most people - we have a different view, IG should simply be the documented evidence of your good practice.
Most organisations we work within have secure ways of working, often it's what we call "cultural care", (people simply care about what they are doing), and it's that cultural care that keeps an organisation safe.
The shortfall is often in the lack of documented evidence, (policy and procedure), and inconsistent practices, occasionally it's also, "We have always done it that way".
Our approach to creating good governance, (PCI DSS, ISO2700, NHS IG Toolkit etc), is to create an ISMS, (Information Security Management System), that reflects the business process and underpins the compliance requirements.
This approach ensures that you don't end up with documents just gathering dust.
We run regular Information Governance workshops from our offices in Richmond, North Yorkshire. If you would like details please contact us