NCSC Cyber Incident Response Scheme

The NCSC Cyber Incident Response scheme assures companies that help organisations respond to a cyber incident. There are two levels to this scheme, which provide expertise to organisations of varying sizes and sectors against different types of attack.

Cyber Incident Response Level 1 scheme

Cyber Incident Response Level 1 provides support to victims of significant, bespoke cyber attacks. They deliver a full investigation and offer recommendations on how to prevent it from happening again. The scheme is aimed at:

UK central government
Critical National Infrastructure organisations
Organisations in regulated sectors
Organisations operating in more than one country.

Cyber Incident Response Level 2 scheme

Cyber Incident Response Level 2 providers will support victims of common, often financially motivated cyber attacks. They will investigate and offer recommendations on how to prevent it from happening again. The scheme is aimed at:

Most private sector organisations
Charities
Local authorities and smaller public sector organisations
Organisations operating predominantly in the UK.

The Cyber Incident Response Level 2 scheme will be managed by the delivery partners, such as CREST, who will assess and onboard providers and ensure ongoing compliance.

Applications are open to companies regardless of their membership with CREST.

To find out more about the scheme and how to apply, visit the NCSC CIR L2 scheme page.