Buying & Building Cyber Services icon
Back
Accreditation Pathway & Membership icon
Back
Skills, Certifications & Careers icon
Back
News, Events & Research icon
Back
About Us icon
Back
Login to profile
Join Today Find a Supplier

NCSC (CHECK)

Home  »  NCSC (CHECK)

CHECK is a UK Government programme under which the National Cyber Security Centre (NCSC), which is part of the Government Communications Headquarters (GCHQ) approves cyber security service providers to carry out authorised penetration tests of public sector and critical national infrastructure (CNI) systems and networks. 

Companies providing CHECK services must do so allocating staff who hold UK Cyber Security Council (CSC) approved titles and have suitable experience. These are: 

  • All CHECK Team Leaders (CTL) must hold a UK CSC Professional Title at a minimum of Principal level. 
  • All Team Members (CTM) must hold a UK CSC Professional Title at a minimum of Practitioner level. 

Important: Security Testing professional title holders at Practitioner, Principal and Chartered levels must ensure that they hold concurrently a valid technical “Competence A” certificate such as CRT for CHECK Team Members CCT INF / CCT APP for CHECK Team Leaders 

Following UK CSC communications from 4th June 2025, the requirement to pass recognised exams aligned to Competence A every three years in order to maintain the title remains valid. 

All CTLs and CTMs must also adhere to the Continuous Professional Development (CPD) revalidation requirements as set out by the UK CSC where candidates are required to undertake 75 hours of CPD over a three-year cycle. This is being developed at the moment and once a robust CPD approach has been developed and accepted, the UK CSC will communicate further any related impacts on the Security Testing professional titles. 

Requirements for the Primary CTLs 

The requirement for the Primary CTL on any CHECK engagement to be qualified in the relevant discipline (Web Applications or Infrastructure) for the test has not changed. This means that whatever exam discipline a CTL used to prove Competency A for the award of their Professional Title, is the discipline which companies must enter on the CHECK Supplier Portal. Anyone wishing to work in both disciplines must have initially passed a CREST or equivalent exam recongnised by NCSC in both disciplines and maintain that technical competence – evidenced by continuing to hold a UK CSC Professional. 

More information on UK CSC Professional Titles and how we can support can be found on our dedicated page: Professional Titles 

More information on the CHECK scheme can be found at CHECK – penetration testing – NCSC.GOV.UK. 

ASSURE CBEST GBEST iCAST NCSC (CHECK) NCSC (Cyber Incident Response) NPSA TBEST TIBER EU UKCSC (CCP)