New scheme ready for Cyber Incident Exercising providers

Published date:

New scheme ready for Cyber Incident Exercising providers
New scheme ready for Cyber Incident Exercising providers

A new Cyber Incident Exercising scheme is now open for organisations to apply to be Assured Providers, with IASME and CREST as NCSC delivery partners.

We all know that exercising is good for us, even though it can be hard work, at times uncomfortable and may reveal things we’d rather not know. But it has the potential to change us for the better.

This is also true for cyber incident exercising, which can transform an organisation’s preparation and response to a cyber incident. That’s why in the National Cyber Security Centre (NCSC) have been thinking about how to recognise companies that offer high-quality cyber incident exercising services to UK organisations.

NCSC are pleased to announce that their brand new Cyber Incident Exercising (CIE) scheme is now open for companies to apply to become Assured Service Providers.

More about the scheme

Delivered in partnership with CREST and IASME, the scheme will assure companies to deliver organisations two types of cyber exercises to test their incident response plans:

  • Table-Top – discussion-based sessions where participants talk about their roles and responsibilities, activities and key decision points (in line with their organisation’s incident response plan) for a pre-agreed scenario.
  • Live-Play – sessions where participants carry out their roles and responsibilities in close to real time, in response to a controlled feed of information, representing a pre-agreed scenario. Live play exercises are best suited to mature organisations looking for in-depth validation of plans.

The exercises are designed to simulate incidents which have a significant impact on a single client organisation. Note that it doesn’t cover incidents spanning multiple organisations or category 1 and category 2 incidents as defined by the UK cyber incident categorisation system.

NCSC delivery partners

NCSC have chosen CREST and IASME as their two delivery partners to manage the assessment on their behalf, and to onboard, monitor and offboard Assured Service Providers. CREST and IASME offer different routes, but both meet the NCSC’s high standards while offering a choice of approach to potential Service Providers.

Both CREST and IASME are now ready to accept enquiries and applications from UK-based providers of cyber incident exercising services. You can find the CIE scheme standard on the NCSC website, and details of the fee structure and how to apply on our delivery partners’ websites: CREST and IASME.

Once NCSC have accepted enough companies into the scheme, they will officially announce that the scheme is open for business, and then publish information for organisations looking for exercising services.