The National Cyber Security Centre announce IASME and CREST as delivery partners for new Cyber Incident Exercising scheme

Sep 26, 2023 | News and Events

Exercise is good for you! 

It’s a familiar message but often not the easiest advice to follow.  Exercising is a commitment, it takes time and energy and can be uncomfortable and embarrassing. Yet, exercise can be transformative; it can make all the difference to staying healthy, balanced and prepared.

Your organisation’s health and resilience also depends on exercising – cyber incident exercising. That is the scheduled practising of how you would respond to a cyber attack or incident. No one is safe from the threat of cyber attack and the National Cyber Security Centre (NCSC) recommends that all organisations improve their cyber resilience by creating and practising a cyber incident response plan.

To help every organisation build this good habit, the NCSC have developed a new Industry Assured Scheme. The aim is to help a wide range of UK businesses find a high quality provider to help them rehearse, evaluate and improve their cyber incident response plan.

The Cyber Incident Exercising (CIE) Scheme is delivered in partnership with IASME and CREST who will evaluate and onboard companies wishing to apply to become Assured Service Providers.

 CIE Assured Service Providers will offer Two types of cyber exercises to organisations which want to test their existing cyber incident response plans:

 Table-Top – discussion-based sessions where participants talk about their roles and responsibilities, activities and key decision points (following their organisation’s incident response plan) in relation to a pre-agreed scenario.

Live-Play – more in-depth sessions in which participants execute their roles and responsibilities to respond to events in a real world cyber scenario. Activities are tailored to the organisation and take place in close to real-time, providing a realistic simulation of a cyber event. Live play exercises are best suited to mature organisations looking for in-depth validation of plans.

The scope of the Scheme covers exercises designed to simulate incidents which have a significant impact on a single client organisation. It does not cover incidents spanning multiple organisations or Category 1 and Category 2 incidents as defined by the UK’s Cyber Attack categorisation system.

 IASME and CREST will both manage the assessment, onboarding, monitoring and offboarding of Assured Service Providers on behalf of the NCSC. Both companies meet the NCSC’s high standards, yet offer different routes into the scheme.

Fairness and inclusion are important values for IASME and we feel strongly about ensuring that smaller cyber security companies and those working hard to address issues of under-representation in the cyber security workforce are able to apply to become Assured Service Providers.

Whatever your size, if you are a UK-based provider of Cyber Incident Exercising services, we welcome your enquiries and application.

 You can find the CIE Scheme standard on the NCSC website.

For details of the fee structure and how to apply to become a CIE Assured Service Provider, go to:link to webpage

The first Assured Service Providers for the scheme will be available soon. They will be listed on the NCSC website once they are available.

If you are interested in using Cyber Incident Exercising services and would like to be notified when the first providers are available, please contact our customer services team on [email protected] or call 03300 882 752.

You can find guidance on creating a cyber incident response plan at the NCSC website

Read the official announcement here