top of page

New NCSC Cyber Incident Exercising scheme opens for business

The NCSC has launched a new Cyber Incident Exercising scheme, giving organisations access to NCSC-assured exercising providers for the first time.

In August, the NCSC announced CREST and IASME as Delivery Partners for the scheme, to manage the assessment on behalf of the NCSC, and to onboard the assured exercising service providers.

With a number of Assured Service Providers now in place, the scheme is open for business. A list of service providers can be found on the Cyber Incident Exercising scheme page.

The new CIE Scheme provides organisations with access to NCSC-assured CIE service providers able to create bespoke, structured table-top or live-play cyber incident exercises.

It sits alongside the NCSC’s free and easy to use Exercise in A Box tool that allows testing of incident response against a host of generic cyber incident scenarios. Assured Cyber Incident Exercising companies will work alongside, challenge and help organisations to robustly practise their responses in a safe environment.

The scheme assures companies to deliver two types of cyber exercises:

  • Table-Top - discussion-based sessions where participants talk about their roles and responsibilities, activities and key decision points (in line with their organisation’s incident response plan) for a pre-agreed scenario.

  • Live-Play - sessions where participants carry out their roles and responsibilities in close to real time, in response to a controlled feed of information, representing a pre-agreed scenario. Live play exercises are best suited to mature organisations looking for in-depth validation of plans.

The exercises are designed to simulate incidents which have a significant impact on a single client organisation. The scheme does not cover category 1 and category 2 incidents, as defined by the UK cyber incident categorisation system.

Speaking of the new scheme, NCSC Director of Operations Paul Chichester said:

“I’ve often said the first time you try out your cyber incident response plan shouldn’t be on the day you are attacked. So if you do only one thing on a regular basis, incident exercising should be it. That’s why I’m delighted that the NCSC’s Cyber Incident Exercising scheme is now open and buyers can use it to find trusted providers that can help you prepare for when the worst happens.
Exercising in a safe and supportive environment will allow all the relevant teams and individuals to properly understand their roles and maximise their effectiveness during an incident. In turn this will help to minimise harm and improve the resilience of both individual organisations and the UK as a whole.”

CREST Head of Accreditation, Jonathan Armstrong, said:

“CREST is committed to ensuring the highest standards across the cyber security industry and to supporting buyers through the NCSC’s scheme. Using Assured Providers will ensure they are getting the services they need from credible suppliers who meet both ours and NCSC’s high standards.”

Dr Emma Philpott MBE, CEO of IASME, said:

“We are thrilled to partner with NCSC to help deliver the Cyber Incident Exercising Scheme. Practicing what you would do in the event of a cyber security incident with the support of an experienced, expert team significantly enhances the resilience of any business. This initiative helps organisations of all sizes to identify the most suitable provider to work with, knowing that they are assured under the NCSC scheme.”

Resources and guidance

How to find an NCSC Assured Cyber Incident Exercising provider

You can find a list of NCSC Assured Cyber Incident Exercising providers via the scheme’s “Find a Provider” page or the main “Verify suppliers” search on the NCSC website.

Become an Assured Service Provider

If you offer exercising services and are interested in joining the new Cyber Incident Exercising scheme, visit the scheme’s “Information for Service Providers” page, where you can find the CIE scheme standard and details of the fee structure and how to apply on our delivery partners’ websites: CREST and IASME. Working with industry to extend the reach of the NCSC

As the National Technical Authority for cyber security, the NCSC helps define best-practice standards. Through Industry Assurance schemes like the Cyber Incident Exercising scheme they assess industry services against the NCSC’s standards.

They currently have over 400 companies offering services on behalf of the NCSC.

For more information about the scheme and how to apply go to: CREST:


The National Cyber Security Centre (NCSC) is a UK Government organisation that provides advice and support for the public and private sector in how to avoid security threats from the internet. NCSC support the most critical organisations in the UK, the wider public sector, industry, SMEs as well as the general public.


CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services.

CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. About IASME

IASME is a UK-wide organisation that breaks down barriers to accessing cyber security skills and expertise. With a network of more than 300 cyber security companies, IASME advise and certify organisations of all sizes in cyber security. IASME is the sole delivery partner for the UK Government’s Cyber Essentials scheme.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page