Regions icon
Membership icon
Certification icon


CPNI is the UK Centre for the Protection of the National Infrastructure. CPNI’s remit is to provide protective security advice to businesses and organisations across the national infrastructure.

CREST works with CPNI in a number of areas, including identification of technical security threats and discussions around protective security measures. CREST and CREST member companies have provided content for guides published by CPNI.

CPNI have formally endorsed the CREST Cyber Security Incident Response (CSIR) scheme.

A twin track approach is being taken for certified Cyber Incident Response services:

  • A broadly based scheme managed by industry professional body, endorsed by CESG and CPNI, and delivered by industry. This scheme focuses on appropriate standards for incident response aligned to demand from industry, the wider public sector and academia. Initially this scheme will be administered by CREST: additional professional body-led schemes may be added should they emerge in future.
  • A small and focused Government-run Cyber Incident Response scheme certified by CESG and CPNI where capable industry partners deliver services focussed on responding to sophisticated, targeted attacks against networks of national significance. Organisations affected by such an attack should approach one of the CESG/CPNI certified CIR providers.

Further details are available on the CPNI website at

Details of the requirements and the application process will be available on the CREST website shortly.