Login to profile

CREST announced as first delivery partner for new NCSC assured Cyber Incident Response (Level 2) scheme

6 July 2023

CREST has been named first delivery partner for the new NCSC assured Cyber Incident Response (Level 2) scheme. Alongside this, the NCSC has announced the scheme is ready for applications from incident response service providers to join the scheme. This scheme will cater for victims of a broader range of cyber attacks.

For many years the NCSC has operated a Cyber Incident Response scheme – now called Cyber Incident Response (Level 1) – that assures companies that can provide Incident Response services to nationally significant organisations. For example, in regulated industries, central government, or critical national infrastructure, with large cross border networks, or who have been targeted by a sophisticated attack. Assured providers under this scheme have been instrumental in helping organisations large and small, public sector and private, to respond to and recover from bespoke, complex, targeted cyber attacks.

The NCSC is introducing Cyber Incident Response (Level 2) to increase awareness and availability of high-quality incident response providers.  There are a broad range of victims suffering cyber attacks every day across the UK and while organisations are not always of national significance, they still often need external help and advice to manage and recover from the incident.

The new Cyber Incident Response (Level 2) scheme will be delivered through NCSC’s Delivery Partners – the first of which is CREST. Delivery Partners will manage the assessment, onboarding, monitoring and offboarding of Assured Service Providers for the NCSC. All operating according to the NCSC’s strict standards for both technical and organisational capability.

We are now ready to accept enquiries and applications from UK-based Incident Response service providers.

The scheme standards are available on the NCSC website: https://www.ncsc.gov.uk/information/cir-l2-standard

Information on the fee structure and how to apply are available on the CREST website:  https://www.crest-approved.org/membership/ncsc-cyber-incident-response-level-2-scheme/

Once the NCSC has accepted enough companies into the scheme, it will announce that the scheme is open for business and publish information for buyers.


CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years.

For more information on CREST: www.crest-approved.org

For media enquires contact: Allie Andrews, [email protected]