CREST Cyber Security Incident Response (CSIR) scheme

Created:  01 Oct 2016
Updated:  04 Sep 2018
CREST certified companies delivering effective cyber security incident response services for the majority of industry, the wider public sector and academia.

The Cyber Security Incident Response scheme (CSIR) is approved by CREST (Council of Registered Ethical Security Testers) and focuses on appropriate standards for incident response suited to industry, the wider public sector and academia.

The NCSC and CPNI have endorsed the CREST CSIR scheme as having the necessary requirements and control mechanisms to ensure CREST certified companies are able to deliver effective cyber security incident response services.

Details of requirements and application process are available on the CREST website.

Professional Qualifications

Mandated cyber security professional qualifications (eg, Intrusion Analysis, Malware Reverse Engineering) for service providers certified under both the NCSC/CPNI and CREST schemes are being phased in. Until this is complete, the holding of such qualifications will be considered desirable, but not mandatory, evidence that the potential service provider meets the relevant scheme requirements.

Further reading

Was this information helpful?

We need your feedback to improve this content.

Yes No