What is incident response & exercising?
Incident response refers to the structured approach an organisation takes to detect, manage, and recover from cyber security incidents. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
Organisations may choose to develop internal capabilities or engage external providers to assist with incident response planning and execution. Working with accredited providers can offer access to specialised expertise and resources.
Incident exercising involves simulating cyber incidents to test and improve an organisation’s incident response plans and capabilities. These exercises help ensure that teams are prepared to respond effectively to real-world cyber threats.
Regular incident exercising helps organisations identify gaps in their response plans, improve coordination among teams, and enhance overall cyber resilience. Engaging with experienced providers can facilitate the design and execution of effective exercises tailored to the organisation’s specific needs.
If your organisation is considering achieving our incident response or incident exercising accreditations and becoming a member, you can download our accreditation standards for these services on our Accreditation Standards page.

Get your organisation accredited
Incident response
To achieve this accreditation, organisations must demonstrate capability across six key domains – from Preparation and Readiness to Governance and People. They must adopt a consistent, risk-aware approach to delivering effective incident response, and undergo an expert-led assessment by CREST, based on a review of documentation, supporting artefacts, and evidence from previous engagements.
Incident exercising
To achieve this accreditation, organisations must demonstrate capability across six key domains – Preparation, People and Organisation, Processes and Guidelines, Scoping, Execution, and Post-Delivery. They must adopt a consistent, repeatable, and risk-aware approach to delivering structured cyber incident exercises that enhance client readiness and resilience, and undergo an expert-led assessment by CREST, based on a review of documentation, supporting artefacts, and evidence from previous engagements.
Getting accredited with us could help your organisation access a number of exciting partner programmes
Industry-leading certifications
Take the next step in your cyber career!
Whether you’re at the start of your career, or ready to take the leap into a more experienced role, we run examinations across a number of cyber security disciplines, providing career pathways and progression options for professionals at every stage of their working lives.
Our certifications are recognised worldwide and having CREST qualified individuals demonstrates a high standard of knowledge, skills and competence. In a growing cyber market, this could help you stand out against the crowd.
Can’t find the certification you’re looking for?
Visit our dedicated page to find our full list of available certifications: CREST Certifications
CREST Practitioner Intrusion Analyst (CPIA)
The CREST Practitioner Intrusion Analyst (CPIA) is an entry level exam that tests a candidate’s knowledge in assessing fundamental aspects of Incident Response.

CREST Registered Intrusion Analyst (CRIA)
The CREST Registered Intrusion Analyst (CRIA) examination tests a candidate's knowledge across all three subject areas of network intrusion, host intrusion and malware reverse engineering.

CREST Certified Incident Manager (CCIM)
The CREST Certified Incident Manager examination tests a candidate's knowledge across a range of areas wider than traditional intrusion analysis, in addition to general technology areas.

Being a CREST qualified individual could make you eligible for the following programmes
UK Cyber Security Council - more info coming soon
Resources
Research, support & news
Career pathways
Why CREST?
Whether you’re looking for globally recognised certifications or trusted suppliers of cyber services, we are committed to building cyber excellence across the globe by creating a community of individuals and organisations that are as dedicated to building a safer digital world as we are.
But it’s not just about us; collaboration is at the heart of our mission. That’s why we work with government organisations, community supporters, and discipline communities and focus groups to build a community that provides opportunities to enhance capability and raise awareness of cyber security across a whole range of industries.