The Cyber Incident Response (CIR) Level 2 (L2) scheme has been introduced to complement the original CIR scheme, which will now be re-designated as CIR Level 1 (L1). CIR L2 aims to assure providers against a different standard, which calls for a more widely attainable level of technical experience to widen the supply of assured CIR providers.
The requirements of the CIR L2 standard are designed to support target organisations at risk of common cyber-attack. Such organisations are likely to include most private sector organisations, charities, Local Authorities and smaller public sector organisations and organisations which operate predominantly in the UK.
Applications are open to companies regardless of their membership with CREST.
Applications are completed via the CREST Membership Application Portal and reviewed by CREST using criteria agreed with the NCSC.
You should familiarise yourself with the NCSC CIR L2 Technical Standard before starting the application process: https://www.ncsc.gov.uk/information/cir-l2-standard
If you are ready to start the process, please contact: [email protected]
To find an Assured Service Provider, you can:
Companies operating with a registered office in the UK and incident response staff located physically within the UK.
Companies will also need to be able to deploy staff to all locations within the UK when requested to by a target organisation.
*CREST Members will also be promoted via the CREST Find a Supplier functionality.
Private sector organisations, charities, Local Authorities and smaller public sector organisations, and organisations which operate predominantly in the UK.
For non-CREST members there is an annual cost of £1,200.00.*
For existing CREST members who hold the CREST CSIR accreditation, there is no additional cost to become a member of the scheme.
For existing CREST members who do not hold the CREST CSIR accreditation, there is a one-off application cost of £1,200.00.
*To help support an increase in capacity and capability discounts are available to Micro-business with an annual revenue of less than £500,000.00. If you think you are eligible for this, please contact [email protected] for more details.
No, CREST membership is not required to join the scheme.
CREST is a Delivery Partner operating the scheme on behalf of the NCSC.
Your Assured Service Provider status will last for 12 months and is renewed annually.
You will need to carry out a refresher renewal annually with a full renewal every 3 years.
Periodic reviews may also take place in the event of changes to the NCSC CIR L2 Technical Standard.
The assessment process will be concluded within 6 weeks of a completed submission, subject to any feedback and resubmissions.
You will be asked to provide a response to questions designed to assess your company, employees and the governance around delivering Cyber Incident Response Services.
This includes elements such as, but not limited to:
The NCSC CIR L2 Technical Standard outlines the standard required of Assured Service Providers when delivering incident response services to Target Organisations.
References to the standard are contained within the application form, and therefore you should familiarise yourself with the content.
The NCSC CIR L2 Technical Standard is available on the NCSC Website: https://www.ncsc.gov.uk/information/cir-l2-standard
Your team will need a team lead who has an appropriate level of experience in leading Incident Response engagements.
Initially this will not be tied to a particular examination or certification, but instead a holistic review of the skills, experience, and competence of the individual via the CREST Skilled Person Register.
For example, has five years’ worth of experience leading external incident response engagements.
Applications can be started using the CREST Membership Application Portal, access to this is typically granted to the person who initially completed your application to join CREST.
If you are unsure of who this person is, please contact [email protected] for further guidance.
Applications can be started using our online portal, known as the CREST Membership Application Portal. An account can be created for you to facilitate your application.
Please contact [email protected] to get started.
Yes, you can opt to join CREST as part of the process.
If successful, you will also be granted the CREST CSIR Accreditation in addition to Assured Service Provider status with the NCSC.
To find out more please contact [email protected]