What is the Certified Cyber Professional (CCP) assured service?

The CCP assured service has been developed by the NCSC in consultation with government, industry and academia to address the growing need for specialists in the cyber security profession, and sets the standard for UK cyber security professionals.

Changes to the CCP assured service

Following a pilot, the CCP assured service has changed. When CCP was originally introduced, people were certified in cyber security roles. After listening to feedback from users and professionals, NCSC has decided to refresh and streamline the assessment process to focus more closely on critical skills. As a result, candidates will now be recognised in specialisms instead of roles.

Please note: NCSC will honour the expiry date on role certifications already awarded. No-one will be required to hold both a role and a specialism certification for the same cyber security activity.

If you have any queries, please contact ccpsupport@bcs.uk.

How do the existing and new CCP assured service compare?

The new assessment process for CCP specialisms is significantly different from that previously adopted for CCP roles.

Previous service
Roles based
Three levels:
  • Lead Practitioner
  • Senior Practitioner
  • Practitioner
6 skills based roles


New service
Specialism based
Two levels:
  • Certified Cyber Professional
  • Associate Cyber Professional
Risk Management and Security Architecture specialisms have launched, and an Auditor specialism is scheduled to follow later in 2022.


The CCP assured service guidance can be found on the NCSC website:

Submit an application to have your experience recognised

If successful in the assessment process to determine your CCP level (which includes a comprehensive interview), you will be able to:

Take your place on the public CCP register and gain wider recognition for your competence and experience

Validate your cyber security credentials and your role in protecting your organisation’s assets

Take up a year’s free BCS membership when you gain this recognition (offer available to non-members only)

Join a community of practitioners raising standards and building the reputation of the UK’s cyber profession

What’s involved in the application process?

To apply for CCP, you will need to ensure you have one of the following foundational pre-requisites:

  • An NCSC-certified degree (undergraduate or postgraduate) or
  • A valid certificate for Certified Information Systems Security Professional (CISSP), including full membership of (ISC)² or
  • A valid certificate for Certified Information Security Manager (CISM), including full membership of ISACA or
  • Full membership of the Chartered Institute of Information Security (CIISec) or
  • Proof of having passed an appropriate NCSC internal skills level assessment or
  • Proof of having completed an internal NCSC professional development framework (for example for cyber security architecture).
  • For Security Architecture only, NCSC Certified Cyber Security Scheme head consultants and NCSC staff members holding a minimum of security architecture skill 6.4 level 3 may vouch for the foundational knowledge of applicants with whom they have worked in the previous 2 years for a period of no less than 12 months.

Please note that no exemptions can be granted for the above.

A case study will be required as part of each application (exemplars are available within the guidance notes). Applications will undergo a review with our assessors, and subject to a successful review, applicants will be requested to attend an interview.

The (online) interview will consider an applicant’s general consultancy skills and their technical abilities against the specialism. The duration of the interview is approximately two hours.

How much does it cost?

The application fee is £2,550.00 +VAT.

I’m ready to apply

Please complete the application form, and forward it with a copy of your CV and your case study to ccpsupport@bcs.uk. We will then forward an invoice for the application fee.

IMPORTANT: Please note that we are temporarily unable to process applications for the Security Architecture specialism.

When will my certification expire?

Your CCP specialism recognition is valid for three years subject to revalidation.

To revalidate you’re required to provide CPD evidence demonstrating that you’re maintaining your skills in your certified specialism / level. If it’s deemed that you no longer meet the requirements for your specialism, as set out by the NCSC, your recognition will be withdrawn.

What is the National Cyber Security Centre?

National Cyber Security Centre logoA part of GCHQ, the NCSC is the UK’s technical authority for cyber incidents and threats, working collaboratively with other law enforcement, defence, the UK’s intelligence and security agencies and international partners to help make the UK the safest place to live and work online.

Get in touch

We’re here to help with any queries you have about becoming a Certified Cyber Professional.

Call us on +44 1793 417 722 or email ccpsupport@bcs.uk

We take customer feedback very seriously and always act promptly to investigate any appeals:

BCS CCP appeals policy
BCS CCP complaints policy