industry news SME profile Thursday 12 Apr 2018 @ 12:30 About the Certified Professional scheme

About our Certified Professional (CCP) scheme and the benefits for UK cyber security organisations and professionals.


The UK needs more skilled people in the cyber security profession — now, and for the future. As the UK’s national technical authority for information assurance (IA), the NCSC is playing a pivotal role in addressing the skills gap and building the UK’s cyber security capability.

We developed the Certified Professional (CCP) scheme in consultation with government, industry and academia to address the growing need for specialists in the cyber security profession. The CCP scheme sets the standard for UK cyber security professionals, and is at the heart of our efforts to build a community of recognised professionals.

We've been listening carefully to the feedback from users and participants in CCP, and know some areas we need to make improvements. This will enable the process to focus on the skills that really matter. See the blog 'Certifying the professionals' for more details.

CCP is not just a qualification — it is a certification which is awarded to those who demonstrate their sustained ability to apply their skills, knowledge and expertise in real-world situations.

The benefits of certification...

...for cyber security professionals:

  • your professional expertise and competence is independently assessed and verified by Certification Bodies (CBs) approved by the NCSC
  • your ability to apply your knowledge and expertise effectively to deliver business benefits is confirmed
  • your proficiency in specific roles sets you apart from others
  • you are part of a recognised and growing professional community from which employers can recruit cyber security professionals as employees or contractors
  • you will be eligible to work on UK government networks and Critical National Infrastructure (CNI) projects (subject to security clearances)

...for employers of cyber security professionals:

  • you can use the scheme in-house to ensure that your own practitioners are developing their expertise and enjoying the above benefits
  • you can have confidence that the certified cyber security professionals you are employing have been independently and rigorously assessed
  • you can have confidence that the certified professionals have demonstrated their expertise in cyber security and their ability to apply skills, knowledge and experience effectively in a business environment
  • you can have confidence that they have the specific expertise you require to meet your business needs
  • influencing your suppliers to employ certified professionals may also help to reduce your supply chain risks by giving you increased confidence in your suppliers' ability to effectively manage risks to information — both yours and theirs


Getting certified: How does it work?

Step 1: Choose your area of expertise from one of the skills based roles

  • IA Accreditor
  • Security and Information Risk Advisor (SIRA)
  • IA Architect
  • IA Auditor
  • IT Security Officer
  • Communications Security Officer

Step 2: Choose the competence level you wish to be assessed at

  • Practitioner — entry level to CCP and suitable for individuals who work on routine IA tasks under supervision
  • Senior Practitioner — suitable for individuals who work independently on complex projects and who normally lead a team of IA professionals or lead or oversee the work of other IA professionals
  • Lead Practitioner — suitable for highly experienced individuals working at senior levels in an organisation, who provide advice and/or leadership on complex strategic IA issues. 
    (It does not follow that professionals who are very experienced at Senior level will meet the role description for Lead)

Please see the attached documents (see the Downloads tab for this page) for guidance to help you:

  • decide which role and level is right for you
  • understand what evidence is required for CCP roles at the Practitioner level of competence

Step 3: Choose your NCSC-approved certification body

Certification is provided by certification bodies (CBs) approved by the NCSC. Each CB has a slightly different assessment process but all work to our rigorous CCP standard. Please see Certification bodies for IA professionals and consult the CBs' websites for more details.



Certification for Cyber Security IA Professionals - issue 5 3 - Oct 16.pdf
PDF, 2227.82KB
This file may not be suitable for users of assistive technology.

Application Guidance CCP Accreditor Role (Practitioner Level).pdf
PDF, 902.15KB
This file may not be suitable for users of assistive technology.


Application Guidance CCP Architect Role (Practitioner Level).pdf
PDF, 868.97KB
This file may not be suitable for users of assistive technology.


Application_Guidance CCP SIRA Role (Practitioner_Level) v1-1.pdf
PDF, 1032.55KB
This file may not be suitable for users of assistive technology.


Application_Guidance CCP SIRA Role (Practitioner_Level) v1-1.pdf
PDF, 1032.55KB
This file may not be suitable for users of assistive technology.

Further reading

Certified Professional
Certifying the professionals




Delivering Measurable Value in the Public Sector