Market engagement exercise for new Cyber Incident Response and Cyber Incident Exercising Services

The NCSC is seeking companies to help develop the assurance scheme for new Cyber Incident Response and Cyber Incident Exercising Services.

dominoes-topple.jpg

15 November 2021

The NCSC is conducting a market engagement exercise to develop a new scheme that will assure a new Cyber Incident Response Service and a new Cyber Incident Exercising Service.

The new NCSC Assured Cyber Incident Response Level 2 and Cyber Incident Exercising Scheme will provide a route for businesses offering cyber incident response and cyber incident exercising services, to have those services assured against NCSC Standards.

The Cyber Incident Response Level 2 Service will assure incident response services that are offered by companies to local government and large, medium and small businesses. It will complement and extend the NCSC’s existing CIR Service (shortly to be re-branded as the Cyber Incident Response Level 1 Service) which currently supports UK Central Government and large businesses with complex IT systems.

The Cyber Incident Exercising Service will assure scenario-based exercising services, covering table-top and live-play formats, that are offered by companies to large and medium sized organisations and UK Government (central and regional) who want to practice, evaluate and improve their cyber incident response plans in a safe environment.

Companies wishing to provide these new service offerings to end users and who can demonstrate that they meet NCSC standards, will be referred to as Assured Service Providers.

Service Providers can choose to offer both the Cyber Incident Response Level 2 Service and the Cyber Incident Exercising Service, or to specialise in the delivery of one of those services.

The Service Providers will be administered by Assured Scheme Partners who will engage candidate Service Providers, assess them against NCSC standards, on-board successful candidates, and assure the ongoing quality of the Service Providers’ service.

These Scheme Partners will be required to administer both the Cyber Incident Response Level 2 Service and the Cyber Incident Exercising Service. A Scheme Partner will not be allowed to operate as a Service Provider.

Market engagement exercise

The NCSC is now inviting prospective Assured Scheme Partners to participate in a market engagement exercise to review and contribute to the final design of the new scheme. This is likely to include reviewing:

  • the proposed operating model

  • how NCSC’s technical standards for the two services will be implemented

  • how management information will be collected.

If you represent a company that might be a prospective Assured Scheme Partner and would like to participate in the market engagement exercise, please email to register your interest Comm.Schemes@ncsc.gov.uk by providing details of your company.

If you are likely to be interested in becoming an Assured Service Provider rather than an Assured Scheme Partner, please do not apply to participate in the market engagement exercise but instead wait until we announce the launch of the scheme, probably during Q2 2022. At that time we will announce that the scheme is open for applications from potential Service Providers.

Not taking part in the market engagement will not exclude companies from applying to be Assured Scheme Partners or Assured Service Providers when the scheme is launched.