Choose one or more skills-based roles, across three levels, to reflect your field of expertise
Take your place on the public CCP register and gain wider recognition for your competence and experience
Validate your cyber security credentials and your role in protecting your organisation’s assets
Enjoy a fast track route to Chartered IT Professional registration when you apply for Senior or Lead CCP
Take up a year’s free BCS membership when you become certified (offer available to non-members only)
Join a community of practitioners raising standards and building the reputation of the UK’s cyber profession
What is the National Cyber Security Centre?
A part of GCHQ, the NCSC is the UK’s technical authority for cyber incidents and threats, working collaboratively with other law enforcement, defence, the UK’s intelligence and security agencies and international partners to help make the UK the safest place to live and work online.
Previously the Communications-Electronics Security Group (CESG), the NCSC was formed in 2016 to provide a single point of contact for SMEs, larger organisations, government and the general public. More specifically the centre is involved in monitoring threats, responding to incidents, and sharing information and expertise to develop the UK’s cyber capability and minimise harm to networks, organisations and the wider society.
How do I become a Certified Cyber Professional?
Start your CCP journey by choosing from the six skills-based CCP roles - you can apply for more than one role at the same time.
Which level should I apply for?
Identify the competence level that’s right for you depending on your level of responsibility and influence in the workplace.
If your role involves working on routine information assurance (IA) tasks, under supervision, then Practitioner is the CCP level to choose; you’ll need to hold a CCP-accredited qualification.
Apply for Senior Practitioner level if you work independently on complex projects and normally lead a team of IA professionals - or you lead or oversee the work of other IA professionals.
Are you a highly-experienced cyber professional working at a senior level in your organisation? Choose Lead Practitioner if you provide leadership and/or advice on complex, strategic IA issues.
What’s involved in the application process?
To apply for CCP, you’ll need to submit a written application providing us with evidence of your competence and experience.
To apply at Practitioner level, there’s a prerequisite for you to hold the BCS Foundation Certificate in Information Security Management Principles or an industry-equivalent qualification.
If you’re applying at Senior or Lead Practitioner level, you’re required to attend an online interview with our CCP assessors.
Before making your application, we recommend reading the NCSC Certification for Cyber Security/IA Professionals document (hosted on NCSC website) which explains the CCP framework in detail and the criteria you’re assessed against.
Start your application by registering online - you’ll need to provide your contact details, select the level and role you’re applying for, and make your payment by debit or credit card.
Once you’ve registered, you’ll receive an email with your username and password to access the CCP application portal - this is where you upload your written documentation and can keep up to date with the progress of your application.
You’ll need to submit the written elements of your application (see steps 2, 3, 4 and 5) within three months of the date that you register, to ensure the information is relevant and up to date. For this reason, we recommend that you prepare your written documentation before you register.
If you haven’t supplied your written submission within three months of the date of your registration, we’ll close your application and provide a refund, however an administration fee of £160 will be withheld.
Applying for multiple roles / levels
You can apply for up to three roles and/or levels in the same application - you’ll be assessed simultaneously for all the roles and levels applied for. If applying at multiple levels, please give your primary focus to the highest-level role.
Your written submission should provide us with detailed evidence of your competence and experience. It’s a key part of your CCP application and you’ll need to set aside a reasonable amount of time to compile accurate and comprehensive information to support your application.
Please read the NCSC Certification for Cyber Security/IA Professionals document (hosted on NCSC website) before completing the written submission form.
BCS membership / CITP registration opt-in
If you’re not already a BCS member you can take up a year’s free BCS membership when you become CCP certified. At Senior or Lead level you’ll also have the option to be assessed for CITP registration as part of your CCP application. The written submission form will ask you if you want to opt into these benefits.
The form will also capture information about your relevant qualifications, any professional membership that you hold, and your designated supporters (see Step 4).
Compiling your evidence
Our assessors will be looking for proof of your personal contribution so be sure to use first-person statements - starting with “I” rather than “we” or “the project”.
Examples that can be verified by your supporters or clients will significantly strengthen your application, as will your ability to present the impact you’ve had, when asking during your interview (Senior and Lead Practitioner levels only).
If you’re applying for multiple roles, make sure you provide sufficient evidence for each role that shows how you perform the role in real-world situations.
Uploading your written submission
You’ll need to upload your completed written submission form to the CCP application portal. If you’re applying at Practitioner level, you also need to upload a copy of your CCP-accredited certificate.
You can upload additional information to further demonstrate your competence and experience in support of your CCP application - we recommend uploading the following as they provide extremely useful context for our assessors:
- up-to-date CV
- organisation chart
Ensure each file you upload is within the 20MB size limit and in one of these formats: doc, docx, pdf, rtf, txt, xls, xlsx, ppt, pptx, vsd, jpg, jpeg.
Please do not submit appraisal documents or personnel assessments. If there’s information in your appraisal or personnel assessment that’s relevant to your application, an appropriate supporter could include it as part of their validation statement (see step 4).
When you apply for CCP, you’ll need to identify a supporter - an individual who you know in a professional capacity, at peer level or above - who’s able to comment on your competence and experience.
Before you upload your written submission, your supporter must review and complete a supporter validation form confirming their relationship to you and their support of your application.
You’ll need supporter validation for every role you apply for. You can identify more than one supporter and we recommend collecting your supporter validation prior to registering which will allow your application to be processed more smoothly.
Please include your completed supporter validation form(s) when you upload your written submission to the CCP application portal.
It’s important that you notify your supporter(s) that BCS will hold their contact details for the purposes of processing your CCP application, and that they may be contacted by us if we require any further information.
Our CCP customer agreement document sets out the terms and conditions of our CCP certification and revalidation, as well as the CCP code of conduct.
Once you’ve uploaded the required documentation (see steps 2, 3, 4 and 5), we aim to process your written submission within 21 working days. A BCS assessor will review your information and make one of the following three decisions:
Successful - if you applied at Senior or Lead Practitioner level, you’ll now progress to the interview stage.
More information required - our assessor may request a telephone discussion with you, or your supporter, if they need further clarification around an aspect of your written submission before making their final decision.
Unsuccessful - our assessor may deem your application unsuccessful based on your written submission. You’ll be informed of the specific reasons why this decision was made.
As soon as we have feedback on your application, we’ll update our progress in the CCP application portal and you’ll also receive an email confirming your next steps.
In some circumstances, our assessor may recommend that you certify at an alternative level to the one for which you applied - in this case, we’ll advise you on the next stage of the process.
If you apply at Senior and Lead level, following successful evaluation of your written submission you’ll be invited to attend an online interview with our assessors.
The interview is conducted by two assessors and the discussion is based around your written submission. One of the assessors will have knowledge of SFIA and the other will have professional knowledge in the specialist areas you work in.
The interview is intended to provide you with the opportunity to further demonstrate your experience and competence in the role(s) you’ve applied for. You should aim to:
- show that you meet the role headline statement at the relevant SFIA level for the role you’re applying for, as set out in the NCSC Certification for Cyber Security/IA Professionals document (hosted on NCSC website)
- discuss in more depth the examples and evidence you provided in your written submission
- demonstrate how you’ve exercised influence and had impact in the roles and projects you’ve been involved in, to support the roles you have applied for.
You can choose to present to the assessors if you feel this will help further demonstrate your experience and competence. If you intend to give a presentation, you must notify BCS in advance and provide us with your slide deck seven days prior to the interview.
Remember not to divulge sensitive information in an online interview. If you feel it’s integral to your application to refer to projects of a sensitive nature, please notify us in advance so we can arrange a face-to-face interview in which we won’t document the sensitive information.
I’m ready to apply
Once you’ve prepared your written documentation, begin your application by registering with us online.
When will my certification expire?
Your CCP certification is valid for three years subject to revalidation after 18 months.
To revalidate you’re required to provide an up-to-date CV and CPD evidence demonstrating that you’re maintaining your skills in your certified role / level. If it’s deemed that you no longer meet the role headline statement for your role, as set out by the NCSC, your certification will be withdrawn.
To recertify after three years, when your CCP certification expires, you need to apply again by following the full application process.
What does it cost?
|New application / recertification||Revalidation|
|Level||Primary role*||Per additional role||Per role|
*When applying for roles at multiple levels, the primary role must be at the highest level.
Already CCP certified?
Exchange cyber threat information in real time by joining the Cyber Security Information Sharing Partnership (CiSP) - the joint industry and government initiative set up to increase awareness and reduce impact on UK business. All applicants must be approved by BCS and the NCSC to join the CiSP.
Getting in touch
We’re here to help with any queries you have about becoming a Certified Cyber Professional.
Call us on +44 1793 417 722 or email firstname.lastname@example.org
We take customer feedback very seriously and always act promptly to investigate any appeals:
This qualification is not regulated by the following United Kingdom Regulators - Ofqual, Qualifications Wales, CCEA Regulation or SQA.