Pentest People Announces its Assured Service Provider Status for NCSC’s Cyber Incident Exercising Scheme

Kate Watson

Marketing Assistant

Leveraging her extensive experience in the cyber industry and a talent for creative writing, our Marketing Assistant adeptly translates complex, technical cybersecurity concepts into compelling, informative content that not only engages you, the reader, but also underscores our authoritative position and expertise in the industry.

Pentest People are so proud to announce we have become one of the only few companies in the UK to be an Assured Service Provider in the recently launched National Cyber Security Centre (NCSC) Cyber Incident Exercising (CIE) scheme.

What Does This Mean?

Run by the NCSC, through its ‘Delivery Partners’ CREST and IASME, this initiative enables organisations to easily find reliable cybersecurity professionals capable of evaluating the robustness of their cyber incident response plans and enhancing overall incident management processes.

Incident Response  

As an assured CIE service provider, Pentest People is able to deliver tailored, structured cyber incident exercises to UK businesses, charities, public sector, and government organisations to rehearse, evaluate, and secure their cyber incident response plans.

Pentest People will be expected to deliver:

  • Table-top exercises - Discussion-based sessions where relevant teams come together to discuss their roles, responsibilities, anticipated activities, and critical decision points outlined in the incident response plan. These sessions are facilitated by the CIE Assured Service Provider and are guided by a cyber incident scenario.
  • Live-play exercises – A role-play exercise, team members perform their designated roles and responsibilities within their regular work environment, responding to a controlled feed of information that simulates a specific cyber incident scenario. Activities and decisions unfold in real-time, while the incident pace and timeline are orchestrated by an exercise control function.

The exercises will address incidents with the potential for significant operational, financial, or regulatory repercussions on the affected entity. The scheme includes incidents categorised as Category 3, 4, and 5 within the UK's Cyber Attack categorisation system.

Comment From A Member of the Pentest People Team 

Ian Nicholson, Incident Response Head at Pentest People, said; "At Pentest People, our commitment to safeguarding businesses extends beyond proactive measures. Recognised as an Assured Service Provider for the NCSC's CIE scheme cements our commitment. Our industry-leading Cyber Security Incident Response Plan (CSIRP) is designed to help businesses through breaches or cyber-attacks efficiently. We understand the critical importance of reducing damage and minimising downtime and want to support organisations with a thorough plan and incident response, ensuring swift and effective mitigation for their businesses."

To learn more about the CIE scheme, please visit the NSCS website here.

To find out more about Pentest People’s services, visit:

Video/Audio Transcript