This website uses cookies. View our cookie policy
United Kingdom
Select regional store:

NCSC – Certified Cyber Security Consultancy Scheme

What is the Certified Cyber Security Consultancy scheme?

The NCSC (formerly CESG) Certified Cyber Security Consultancy scheme is primarily aimed at public-sector organisations that have to use a government-approved procurement framework to purchase or acquire security services, and at private-sector organisations that have to provide assurance that the services they provide are secure.

The NCSC scheme, which is now focused on consultancy companies rather than individual consultants, seeks to establish the wider credentials of such companies in delivering high-quality, tailored and expert cyber security advice.

Managed by the National Cyber Security Centre (NCSC), consultancy companies registered under the scheme can apply to be listed as an approved supplier. The NCSC has worked in partnership with the Crown Commercial Services (CCS) to establish a central route for the public sector to procure certified consultancy services.

This initiative is aimed at providing the government, as well as the wider public sector and critical national infrastructure (CNI) facilities, with support on a varied and complex range of cyber security issues.

Why this certification matters to you

One of the benefits of the NCSC scheme is that every certified consultancy will be assured by the NCSC. Organisations delivering NCSC-approved cyber security consultancy must appoint a suitably skilled NCSC Certified Professional (CCP).

Whether you are a public-sector organisation seeking government-approved service suppliers, or a private-sector organisation in need of highly qualified consultancy services, the certification is a guarantee of the consultancy’s ability to deliver quality cyber security advice and services.

Certified cyber security consultancies will have demonstrated that they:

  • Have a proven track record of delivering defined cyber security consultancy services;
  • Have a level of cyber security expertise supported by professional requirements defined by the NCSC; and
  • Manage consultancy engagements in accordance with industry good practice.

Certified cyber security consultancies will also have shown that they meet the NCSC’s standards and can be trusted to act in the government organisation’s name. As a prospective customer of a Certified Cyber Security Consultancy, you need to consider which services you need.

The majority of the public sector is overwhelmed

Public-sector entities, whether they are part of the national government or a local council, are increasingly required to adopt new frameworks, directives, policies and standards with respect to risk, compliance and data protection. For some government institutions the prospect can be daunting – many organisations lack the adequate manpower or are simply overwhelmed with the task.

For instance, under the GDPR, organisations have 30 days to respond to subject access requests (SARs). Research conducted by IT services company Bluesource, which made SARs to 30 public-sector organisations including the Bank of England, London Fire Brigade, the Metropolitan Police, HM Treasury, Bexley London Borough Council and the Crown Prosecution Service, found the vast majority (84%) of those organisations took significantly longer to respond than 30 days. Bluesource had to wait 351 days for a response to one of the SARs.

It is clear there is still a lot of confusion surrounding compliance.

How IT Governance can help you

Our Audit and Review consultancy service is certified by the NCSC, which means it adheres to the highest quality standards. Because of the high standards the government demands from consultancies seeking to be certified, only a handful of organisations so far have achieved NCSC certification for Audit and Review.

The Audit and Review consultancy service is designed for public-sector organisations requiring trusted consultancy services to achieve compliance with local standards, frameworks or regulations. It’s also beneficial for private-sector entities seeking greater confidence in them from customers and stakeholders.

The service is useful for organisations looking to comply with UK government standards, frameworks and guidelines such as the Security Policy Framework, National Cyber Security Strategy, 10 Steps to Cyber Security, IA Maturity Model and 20 Critical Controls. Organisations can also leverage our expertise by having a thorough audit performed on specific provisions of international standards that are causing problems. See how we helped an organisation achieve secure email standard accreditation.



Why choose IT Governance?

IT Governance is a leader in the field of information management standards and best-practice IT governance. Fully certified and with more than 15 years of experience, we have helped global organisations in the private and public sectors obtain local and international regulatory accreditations.

We offer a complete set of products and services, including consultancy, penetration testing, audits, books, toolkits, training courses and staff awareness for IT governance, risk management, cyber security, regulatory compliance and data protection. This means you can get whatever you need for your project in one place.

IT Governance is duly recognised under the following frameworks:

  • UK government CCS-approved supplier of G-Cloud 9 services
  • NCSC certified for Audit and Review consultancy
  • CREST certified as ethical security testers
  • Cyber Essentials Plus certified, the UK government-backed cyber security certification scheme
  • ISO 27001 certified, the world’s most recognised cyber security standard

IT Governance’s strong background in ISO 27001 and cyber security, combined with our extensive expertise working with both the private and public sectors, is proud to have achieved NCSC certification. The process requirements are very strict and adhere to the highest security standards. Find out more >>

Speak to an expert

For more information on how IT Governance can help with your Cyber Security Audit please contact us by using the methods below.