The Penetration Testing as a Service (PTaaS®) and cybersecurity experts, Pentest People today announces it has become one of only a few companies in the UK to be an Assured Service Provider in the recently launched National Cyber Security Centre (NCSC) Cyber Incident Exercising (CIE) scheme.

Run by the NCSC, through its ‘Delivery Partners’ CREST and IASME, this initiative enables organisations to easily find reliable cybersecurity professionals capable of evaluating the robustness of their cyber incident response plans and enhancing overall incident management processes.

As an assured CIE service provider, Pentest People can deliver tailored, structured cyber incident exercises to UK businesses, charities, public sector, and government organisations to rehearse, evaluate, and improve their cyber incident response plans. Pentest People will be expected to deliver:

  • Table-top exercises – Discussion-based sessions where relevant teams come together to discuss their roles, responsibilities, anticipated activities, and critical decision points outlined in the incident response plan. These sessions are facilitated by the CIE Assured Service Provider and are guided by a cyber incident scenario.
  • Live-play exercises – A role-play exercise, team members perform their designated roles and responsibilities within their regular work environment, responding to a controlled feed of information that simulates a specific cyber incident scenario. Activities and decisions unfold in real-time, while the incident pace and timeline are orchestrated by an exercise control function.

The exercises will address incidents with the potential for significant operational, financial, or regulatory repercussions on the affected entity. The scheme includes incidents categorised as Category 3, 4, and 5 within the UK’s Cyber Attack categorisation system.


Ian Nicholson, Incident Response Head at Pentest People, said; “At Pentest People, our commitment to safeguarding businesses extends beyond proactive measures. Being recognised as an Assured Service Provider for the NCSC’s CIE scheme cements our commitment. Our industry-leading Cyber Security Incident Response Plan (CSIRP) is designed to help businesses through breaches or cyber attacks efficiently. We understand the critical importance of reducing damage and minimising downtime and want to support organisations with a thorough plan and incident response, ensuring swift and effective mitigation for their businesses.”