In today’s rapidly evolving threat landscape, the need for credible, competent, and trustworthy cyber security providers has never been greater. To help organisations identify these trusted suppliers, the UK’s National Cyber Security Centre (NCSC) developed the Assured Cyber Security Consultancy scheme.
This blog post provides a clear overview of the NCSC Assured Scheme, the different levels of assurance it offers, and what it means for organisations seeking or delivering cyber security services.
What is the NCSC Assured Scheme?
The NCSC Assured Scheme is a UK government initiative that recognises consultancies and professionals who meet the NCSC’s exacting standards for cyber security services. It is managed in partnership with the IASME Consortium, a leading cyber security certification body.
The scheme aims to:
- Provide confidence to organisations seeking cyber expertise
- Assure the quality and competence of cyber consultancies
- Create a recognised benchmark for security service providers
In essence, it helps buyers identify suppliers that are trusted, experienced, and aligned with the NCSC’s principles.
Key Benefits of Being NCSC Assured
For organisations procuring cyber services, the scheme offers peace of mind that:
- Providers meet the NCSC’s high technical and ethical standards
- Services will be delivered competently and securely
- Advice is aligned with national cyber defence priorities
For cyber security providers, the scheme:
- Validates professionalism and technical quality
- Opens access to high-assurance clients and government contracts
- Demonstrates a commitment to national cyber resilience
The Levels of Assurance in the NCSC Assured Scheme
The scheme is tiered into different levels of assurance, allowing organisations of all sizes and capabilities to be recognised appropriately.
1. Assured Level
Who is it for?
Small-to-medium sized cyber consultancies or those just entering the government/high-assurance market.
What it means:
- The provider has demonstrated basic capability to deliver cyber security consultancy services in line with the NCSC’s baseline expectations
- Assessed and approved through IASME
- Provides a foundation level of trust and professional integrity
Typical Services Covered:
- Risk assessments
- Basic incident response
- Security architecture advice
- Cyber awareness and compliance services
This level allows companies to demonstrate credibility while they grow their capabilities toward more advanced assurance.
2. Enhanced Level
Who is it for?
More mature organisations offering comprehensive and sophisticated cyber security consultancy.
What it means:
- The organisation is assessed against more stringent criteria including staff expertise, methodologies, governance, and client engagement
- Endorsed by the NCSC as a high-quality provider for complex cyber engagements
- Able to support government, critical infrastructure, and high-assurance sectors
Typical Services Covered:
- Advanced security architecture
- Incident response for complex attacks
- Threat modelling and penetration testing strategy
- Long-term cyber resilience consultancy
Enhanced Level certification represents a significant achievement and positions the organisation as a top-tier consultancy.
3. Specialist Categories (Coming Soon / Evolving)
The NCSC has signalled that over time, the scheme will evolve to cover specific service areas such as:
- Risk management
- Cloud security
- Operational technology (OT) security
- Secure system development
This specialisation will allow buyers to choose providers with demonstrated experience in niche or critical areas.
Path to Becoming NCSC Assured
- Preparation
Align with the NCSC’s Cyber Security Consultancy Principles, covering skills, delivery, governance, and ethics. - Assessment via IASME
Submit evidence and undergo review and interviews to assess your organisational and technical competencies. - Award and Registration
Upon successful assessment, your company is added to the NCSC Assured Consultancy register and can promote its status. - Continued Assurance
Organisations must undergo re-assessment at defined intervals and maintain standards through ongoing engagement.
Final Thoughts
The NCSC Assured Scheme plays a vital role in strengthening the UK’s cyber ecosystem. Whether you’re a consultancy aiming to prove your credentials or a buyer looking for reliable security support, the scheme offers a trusted benchmark.
As cyber threats become more sophisticated, the need for recognised, vetted, and capable consultancy services grows. The NCSC Assured Scheme is not just a badge of honour — it’s a commitment to national cyber security excellence.
Useful Links: