Cyber Consultancy for Customers
The NCSC's certified cyber security consultancies have shown that they meet our standards and can be trusted to act in our name.
As a prospective customer for Certified Cyber Security Consultancy you need to consider which services you need. Cyber security is a broad and complex discipline and not every supplier will be able to deliver solutions to meet your cyber security challenges. You may wish to get the advice of an independent advisor to act as a 'client friend' to help you define the services you need.
Factors you need to consider include:
- The type of consultancy you need, for example Security Architecture, Risk Management, Risk Assessment or Audit & Review.
- Whether the consultancy has experience in the sector you operate, for example Central Government, wider public sector (such as local authority, County Council or NHS) or Critical National Infrastructure (CNI).
- The scope of consultancy you need (topic specific or across a range of areas) and therefore the depth and breadth of the services offered by a consultancy.
- That business objectives and threat levels vary significantly between sectors and drive different working practices. You will also need to validate whether claims of sector experience made by a consultancy meet your specific needs.
- Whether you need your consultancy to have IA cyber security expertise in a particular technology, eg web applications, networks, operating systems
- Whether security clearances are required. We sponsor security clearances for named individuals of certified consultancies but there is no obligation for their staff to be cleared. If security clearances are required, stipulate this in any invitation to tender.
Whatever your requirement, by choosing a company certified by the Certified Cyber Security Consultancy scheme you can have confidence that:
- It has met the NCSC's standards and can be trusted to act in our name
- It has a proven track record in delivering high quality consultancy services to customers
- It has demonstrated that it has a defined process for working with customers to understand their needs and tailors advice accordingly
- It has demonstrated a clear understanding of current and potential cyber threats and techniques and potential effective mitigations
- It has demonstrated that it acts with integrity objectivity and proportionality; it protects the client's confidentiality and integrity and complies with relevant laws and regulations
- It seeks to continuously improve the services offered to meet the evolving needs of the customer
Was this information helpful?
We need your feedback to improve this content.