NCSC Cyber Incident Exercising Scheme

What is the NCSC CIE scheme?

CREST is a Delivery Partner for a new National Cyber Security Centre (NCSC) scheme to help you find high-quality providers of cyber incident exercising services. The NCSC Cyber Incident Exercising (CIE) scheme gives customers confidence that CIE Assured Service Providers meet the NCSC’s rigorous standards for cyber incident exercising.

Assured cyber incident exercising providers will deliver controlled, scenario-based, tailored exercises that simulate cyber incidents. This will allow a wide range of UK businesses, charities, the public sector and government organisations to rehearse, evaluate and improve their cyber incident response plans. 

These providers are assured under the Cyber Incident Exercising Scheme to offer two key forms of cyber incident exercising:    

Table-top exercises 

Discussion-based sessions bring together relevant teams to discuss their roles and responsibilities, expected activities, and key decision points in accordance with an incident response plan. This will be facilitated by the assured Cyber Incident Exercising provider and driven by a cyber incident scenario.    

Live-play exercises 

Team members execute their regular roles and responsibilities in response to controlled injects that represent a given cyber incident scenario. Activities and decisions happen in close to real time. Live-play exercises are best suited to mature organisations looking for in-depth validation of incident response plans.

How does my company join the NCSC CIE scheme?

Applications are open to companies regardless of their membership with CREST.

Applications are completed via the CREST Membership Application Portal and reviewed by CREST using criteria agreed with the NCSC.

You should familiarise yourself with the NCSC CIE Technical Standard before starting the application process: https://www.ncsc.gov.uk/information/cie-standard

If you are ready to start the process, please contact: [email protected]

How do I procure NCSC CIE services?

To find an Assured Service Provider, you can:

NCSC Cyber Incident Exercising Scheme FAQs

Who is eligible to join this scheme?

Companies operating with a registered office in the UK and staff located physically within the UK.

What do I get as a scheme member?

  • Membership of a select group of companies that have proven their capabilities against the NCSC CIE Technical Standard
  • Exclusive use of the NCSC CIE Assured Service Provider branding
  • Third party independent assurance of your competence against the NCSC CIE Technical Standard
  • Your company promoted as an Assured Service Provider via the NCSC Website
  • Your company promoted as an Assured Service Provider via the CREST Website*
  • Invitation to NCSC CIE Assured Service Provider Only Community Events
  • Incident Response insights from the NCSC
  • Opportunities to collaborate with industry peers and other incident response service providers
  • Scheme promotion and marketing, raising the profile and awareness of Assured Service Providers

*CREST Members will also be promoted via the CREST Find a Supplier functionality.

Who will use the services of the scheme?

UK businesses, charities, public sector and government organisations wanting to exercise within their organisational boundaries.

How much does the scheme cost?

For non-CREST members there is an annual cost of £1,200.00.* For existing CREST members there is a one-off application cost of £1,200.00.

*To help support an increase in capacity and capability, discounts are available to micro-businesses with an annual revenue of less than £500,000.00. If you think you are eligible for this, please contact [email protected] for more details.

Do I have to be a CREST Member to join the scheme?

No, CREST membership is not required to join the scheme.

What is CREST's role in the scheme?

CREST is a Delivery Partner operating the scheme on behalf of the NCSC.

How long does my Assured Service Provider status last?

Your Assured Service Provider status will last for 12 months and is renewed annually.

You will need to carry out a refresher renewal annually with a full renewal every 3 years.

Periodic reviews may also take place in the event of changes to the NCSC CIE Technical Standard.

How long does the assessment process take?

The assessment process will be concluded within 6 weeks of a completed submission, subject to any feedback and resubmissions.

What do I need to demonstrate for the assessment?

You will be asked to provide a response to questions designed to assess your company, employees and the governance around delivering Cyber Incident Exercising Services.

This includes elements such as, but not limited to:

  • Evidence of compliance with the NCSC CIE Technical Standard
  • Company Details
  • Company Insurances
  • Policies and procedures related to HR and training
  • Information security management
  • Quality Management
  • Complaint handling
  • Governance around service delivery
  • Employee skill, knowledge, and experience

What is the NCSC CIE Technical Standard?

The NCSC CIE Technical Standard outlines the standard required of Assured Service Providers when delivering incident exercising services to Target Organisations.

References to the standard are contained within the application form, and therefore you should familiarise yourself with the content.

The NCSC CIE Technical Standard is available on the NCSC Website: https://www.ncsc.gov.uk/information/cie-standard

Does my team need any specific skills, experience, or certifications?

Your team will need a team lead who has an appropriate level of experience in leading cyber incident exercises.

Initially, this will not be tied to a particular examination or certification, but instead a holistic review of the skills, experience, and competence of the individual via the CREST Skilled Person Register.

For example, the team lead has three years’ worth of experience leading external cyber incident exercises.

We are an existing CREST member, how do we apply for the scheme?

Applications can be started using the CREST Membership Application Portal. Access to this is typically granted to the person who initially completed your application to join CREST.

If you are unsure of who this person is, please contact [email protected] for further guidance.

We are not an existing CREST member, how do we apply for the scheme?

Applications can be started using our online portal, known as the CREST Membership Application Portal. An account can be created for you to facilitate your application.

Please contact [email protected] to get started.

We are not an existing CREST member, can we join CREST as part of the process?

Yes, you can opt to join CREST as part of the process.

To find out more please contact [email protected]