Browse our certifications
Find training
Open page navigation
cyber securitydata protectioninformation analysisinformation assuranceinformation gathering

Recognition by the NCSC for competent cyber security professionals

The NCSC has announced the forthcoming closure of the CCP scheme

New applications will close on the 30th September 2023.

For full details of the closure of this scheme and details of the new chartership initiative run by the UKCSC, please follow the link below.

https://www.ncsc.gov.uk/news/forthcoming-closure-of-ccp-scheme

Recognising competent cyber security experts

Certified Cyber Professional (CCP) recognition will enable you to demonstrate to an employer your Cyber Security competence, knowledge and skills. Individuals can currently achieve recognition as a cyber security Risk Management specialist or Security Architecture specialist.

APMG is a Certification Body for the CCP assured service – recognising individuals who meet the National Cyber Security Centre’s assessment standards.

The National Cyber Security Centre (NCSC):
“The Certified Cyber Professional assured service is a recognition of competence which is awarded to those who demonstrate their sustained ability to apply their skills, knowledge and expertise in real-world situations.”

Why was the Certified Cyber Professional assured service introduced?

The Certified Cyber Professional assured service was developed in consultation with government, industry and academia to address the growing need for cyber security specialists in the UK.  

It sets the standard for UK cyber security professionals and contributes to NCSC efforts to build a community of recognised professionals.

The Certified Cyber Professional assured service previously certified individuals in cyber security roles. NCSC have responded to feedback from Cyber Security professionals and the industry and people will now be recognised against specialisms. 

Who is the Certified Cyber Professional assured service for?

It is currently aimed at Risk Management and Security Architecture Cyber Security professionals working in both the private and public sectors. Allowing individuals to demonstrate their knowledge, experience and skills. It can also help organisations select Cyber Security professionals for assignments and be used to guide professional development of employees.

Benefits for Certified Cyber Professionals:

  • Independent verification and formal recognition of your Cyber Security skills and competence – providing employers and clients with proof of capability
  • Confirmation of your ability to use your specialist knowledge and expertise effectively to deliver business benefits 
  • You become part of a recognised professional body from which employers can recruit.

Benefits for organisations of using Certified Professionals:

  • Enables employers and clients to easily identify competent professionals, who have demonstrated their expertise in a business environment – safe in the knowledge they have been rigorously assessed
  • The scheme can be used as part of a career development pathway – as an independent check of practitioner’s expertise 
  • Choosing to use suppliers who employ certified professionals may help to reduce supply chain risks. 

The Assessment Process

Cyber Security specialists can choose from two levels of specialism: Certified Cyber Professional and Associate Cyber Professional. To start the process for both levels you need to prove that you have foundational knowledge of cyber security. This can be shown through having one or more of the below:

  • An NCSC-certified degree (undergraduate or postgraduate)
  • Certified Information Systems Security Professional (CISSP), including full membership of (ISC)²  
  • Certified Information Security Manager (CISM), including full membership of ISACA  
  • Full membership of the Chartered Institute for Information Security (CIISec) 
  • Proof of having passed an appropriate NCSC internal skills level assessment  
  • Proof of having completed an internal NCSC professional development framework (for example for cyber security architecture).

For Security Architecture only, candidates can apply through an additional route:

  • NCSC Certified Cyber Security Consultancy Scheme head consultants and NCSC staff members holding a minimum of security architecture skill 6.4 level 3 may vouch for the foundational knowledge of applicants with whom they have worked in the previous 2 years. They must have worked with these individuals for a period of no less than 12 months.

You will then be required to submit a case study and invited to attend an interview. Detailed guidance on the process and which specialism is appropriate for you is available here. To request further information about the application process and for information on the fees, please email: ccp@apmg-international.com. Once achieved recognition lasts for three years. Re-validation is required every 18 months to ensure professionals have remained up to date. To re-validate their certification professionals will need to demonstrate continuing professional development.

Professionals who were Certified in a Role

CCP is currently in a transition period – with certification in specialisms being introduced. No-one is required to hold both a role and a specialism certification for the same cyber security activity. All candidates with a non-expired role certification are unaffected – your role certifications will continue to be valid in the usual way, which includes the need to revalidate, until the period for which you were certified has expired.

If you have any queries about the above, please email james.davies@apmgroup.co.uk

Rate your experience with us...

RELATED PRODUCTS

Leopard

CDCAT® - Cyber Defence Capability Assessment Tool

Unrivalled in the NIST Cybersecurity Framework maturity, cyber risk quantification and much more

View more

DVMS Institute - NIST Cybersecurity Framework

Teaching organizations of any size, scale, or complexity an Affordable, Pragmatic, and Scalable approach to facilitating secure, resilient, and auditable digital outcomes.

View more
Silhouette of a back-turned person, shining a helmet torch's beam into a starry night sky. The figure represents NCSC.

NCSC Assured Training

Identify high quality, relevant cyber security training courses

View more

TESTIMONIALS

As ONR's lead for auditing and regulating Cyber Security and Information Assurance across the whole of the UK’s civil nuclear sector, I need to be assured that the sector is staffed by competent professionals who have been rigorously and independently assessed for their knowledge, skills and experience. CCP provides that verification.

Robert Orr, Head of Cyber Security & Information Assurance Regulation, Office for Nuclear Regulation

I found APMG very easy and helpful to deal with. I had two queries during the course of my application; both were resolved quickly and effectively. The efficiency of APMG’s application process and quick resolution of queries were the prime reasons for being able to achieve certification in just six days.

Laure Lydon, CCP Lead SIRA, Senior Consultant at Ultima Risk Management

The Certified Professional (CCP) certification is increasingly seen as a de-facto standard for Cyber Security and IA practitioners in UK industry and public services. Appropriate CCP recognition also meets ONR's regulatory expectations for Suitably Qualified and Experienced cyber security and information assurance Professionals (SQEP) who are working in, or providing support to, the UK civil nuclear industry.

Robert Orr, Head of Cyber Security & Information Assurance Regulation, Office for Nuclear Regulation

CONTACT US

FAQs

What specialisms are available?

An individual can apply for Cyber Professional Certification for any of the two specialisms:

  • Risk Management 
  • Security Architecture 

At the following levels: 

  • Associate Cyber Professional 
  • Certified Cyber Professional 

The two levels are not cumulative, i.e. candidates do not need to be certified at Associate Cyber Professional level to apply for the Certified Cyber Professional. 

Are there any pre-requisites to the scheme?

Currently the scheme is only available to individuals working in the United Kingdom who have a UK address. In additional, candidates must meet one of the foundational requirements below: 

  • An NCSC certified degree (undergraduate or postgraduate) or
  • Certified Information Systems Security Professional (CISSP), including full membership of (ISC)² or
  • Certified Information Security Manager (CISM), including full membership of ISACA or
  • Full membership (MCIIS) of the Chartered Institute for Information Security ( CIISec ) or
  • Proof of having passed an appropriate NCSC internal skills level assessment or
  • Proof of having completed an internal NCSC professional development framework (for example for cyber security architecture).

OR, for the Security Architecture specialism only: NCSC Certified Cyber Security Consultancy Scheme head consultants and NCSC staff members holding a minimum of security architecture skill 6.4 level 3 may vouch for the foundational knowledge of applicants with whom they have worked in the previous 2 years for a period of no less than 12 months.

What is the assessment process?

Applications are assessed by two APMG Assessors at all times. All candidates must complete an Application Form and submit it with their supporting documents, which must include up to two case studies. If the case study(ies) have met the required threshold, candidates will receive an invitation to attend a 1 to 2 hour-long interview. Candidates are allowed one resubmission. Notification of their result will be provided within 30 to 40 working days. Candidates must complete their application within 12 calendar months. 

For detailed information, please refer to the APMG  CCP Candidate Guidance under Useful Documents on this page. 

If I request a face to face interview, where will I need to travel to?

If, in exceptional circumstances, an applicant requires a face-to-face interview, this will be arranged at an agreed location on a date and time that is mutually convenient to the applicant and the assessors. This is likely to delay the overall process.

When will the interview be carried out?

Interviews will only be scheduled after the Case Study Assessment is successful and APMG receives the relevant referee statements. The Lead Assessor will contact each candidate directly to schedule an interview at a suitable time. 

How long is the certification valid for?

The certification will last 3 years. All candidates are required to re-validate their certification(s) every 18 months following the initial award of recognition in a CCP specialism. The requirement is for 120 hours of CPD/CPE over a total of 3 years, with a minimum of 20 hours each year.

Will I get a certificate? How secure is the certificate?

Successful candidates will receive an electronic certificate within 10 working days from receiving their results.

Can I apply for more than one specialism on my application?

Yes, however candidates must submit separate applications for each specialism as they will be assessed by a different pool of assessors. 

Who will conduct the assessments? Who are your assessors?

All of our assessors hold the appropriate security clearance depending on the level required for the application. They are all experienced professionals in their own fields and they will have been trained by the APMG who are in turn accredited by the UK Accreditation Service (UKAS).

Are there any additional requirements during the period of certification?

All certification holders will be required to undergo re-validation at the mid-point of their certificate (i.e. 18 months after certification). The re-validation process will look at CPD and experience since certification was awarded. There is a fee for the cost of the re-validation.

What will happen to my existing certification under CCP Roles?

CCP is currently in a transition period – with certification in specialisms now being available. No-one is required to hold both a role and a specialism certification for the same cyber security activity. All candidates with a non-expired role certification are unaffected – your role certifications will continue to be valid in the usual way, which includes the need to revalidate, until the period for which you were certified has expired.

FIND ME A TRAINING PROVIDER

Certified Cyber Professional (CCP) assured service

Please tell us your training requirements and we'll find you a training provider

BECOME A TRAINING ORGANISATION

Please provide your company details to begin your journey to becoming accredited

Close

Certifications & Solutions

Accredited Training Organizations

Leadership

Accredited training providers

Certifications & Solutions

Select any filter and click on Apply to see results