Our Professional Standards team have created the below set of Frequently Asked Questions based on feedback, conversations, and queries around, the CCP programme, Continuing Professional Development (CPD), Specialisms and Professional registration.
Are Head Consultants required to hold the certified level of the relevant CCP specialism to apply for Chartership titles through the UK Cyber Security Council?
Under the Assured Cyber Security Consultancy Scheme, Head Consultants were required to hold the Certified level of the relevant CCP Specialism. Going forward, once the UK Cyber Security Council launches their Chartership Titles, Head Consultants will need to hold the Chartered title for the relevant UK Cyber Security Council specialism.
I have CCP and am due to submit a new application, what options do I have available to me?
Please see the latest communication regarding the extension of CCP which may help to answer your questions here.
1. Undertake full CCP with your existing certification provider (BCS, APMG or CIISec), ensuring your application is submitted and fees paid before deadline of CCP closure, September 30th 2023.
2. Within 6 months of certifying, or at the point of revalidation of your CCP certification you may apply for a top-up process via the UK Cyber Security Council through your existing certification provider, to convert your CCP certification to the relevant council chartership title. Alternatively,
3. Wait for and undertake a full application for either Governance and Risk Management or Secure System Architecture and Design specialisms with UK Cyber Security Council for the relevant chartership title, when these are launched late Summer 2023.
---
Do you have a timeline on when the road mapped specialisms will be available?
The Council have launched 4 specialisms already for Risk & Governance, Architecture & Design, Audit & Assurance and Security Testing. We expect to launch 4 further specialism this year. These are: Incident Response, Secure Systems Development, Cyber Security Leader and Secure Operations. Full details will be provided via our website and newsletter.
Are there any other licenced bodies that can support applications other than these two? Will this be expanded to other bodies / institutes in future?
Currently, there are only two. We intend to expand in the future and are actively working towards this with several organisations.
For someone just starting in the cybersecurity profession, what would you say are the required documentary evidence to be submitted, and which one should be the target certification?
The Council are working to demystify the industry, signpost to and create career pathways. These are still in development, therefore, please keep an eye on our website in the careers and qualifications area for up-to-date information.
Professional Registration, except for the Security Testing pathway, does not require any certification or qualification. It is an assessment of your understanding, knowledge and skill in cyber security. While the knowledge you gain from studying a certification will no doubt be useful, certifications are not a requirement, nor will they waive any part of the process.
If you are applying for Security Testing, you should hold a CTL or CTM exam, or be willing to sit it in advance of your application.
What is the target launch date for Incident Response and Secure Operations?
Incident Response is expected to launch in the Summer 2024. Secure Operations is expected to launch in the Winter 2024.
Which body is expected to provide digital forensics (and incident response) in 2024? Will it be possible to be in the initial tranche of applicants if these are 'beta' applicants?
The Council are working with CREST and The Cyber Scheme on these specialisms. Work is expected to complete Summer 2024. You can sign up to our newsletter to keep up to date with progress. If you wish to be in the initial tranche of applicants, please email standards@ukcybersecuritycouncil.org.uk stating this and a member of the team will come back to you.
What is the timeline for the Cyber Security Management specialism being available for application?
Cyber Security Leader is replacing Cyber Security Management. We are working on this specialism this year. Please sign up to our newsletter to be kept abreast of progress.
Where would I find that Audit & Assurance contextualised standard?
The contextualisation documents can be found at the end of the specialism information pages. This is in the career framework area of the website. The audit and assurance contextualisation can be found here: https://www.ukcybersecuritycouncil.org.uk/careers-and-learning/cyber-career-framework/cyber-security-audit-assurance/
Are Head Consultants required to hold the certified level of the relevant CCP specialism to apply for Chartership titles through the UK Cyber Security Council?
Under the Assured Cyber Security Consultancy Scheme, Head Consultants were required to hold the Certified level of the relevant CCP Specialism. Going forward, once the UK Cyber Security Council launches their Chartership Titles, Head Consultants will need to hold the Chartered title for the relevant UK Cyber Security Council specialism.
How do I apply for a Chartered professional standard?
Find out more about Chartership and the minimum qualifications standard here: https://www.ukcybersecuritycouncil.org.uk/professional-standards/the-council-s-route-to-chartership/
Where can I find the Professional Standard for Cyber Security Governance & Risk Management; Secure System Architecture & Design?
You can download the UK Cyber Security Council Standard for Professional Competence and Commitment (The Council SPCC) from our website here: https://www.ukcybersecuritycouncil.org.uk/professional-standards/the-council-s-route-to-chartership/
When can I apply for professional registration?
Keep an eye on our website and sign up to our newsletter to be one of the first to hear when we have licensed organisations to undertake the registration process on our behalf. You can then choose a license body to apply for professional registration.
Where is the Register kept and published?
It is kept in our CMS which is hosted in the UK and protected by unique logins with 2FA. Limited people at the Council have access to the full register.
Registrants must give consent for third parties to see their professional title/s, and this is done through limited use links and security codes. The register stores limited personal information: registrant number, name, email, formal title, professional title, licensed body and licensed body membership number. Not all of this is visible to third parties validating titles.
Is there a route for government applicants where evidence may veer into official-sensitive?
Applicants who work in a secure/confidential role are expected to be able to document their competence in a generic way against the competences detailed in the UKCSC Standard of Professional Competence and Commitment without compromising any confidential information. The Assessors are professionally registered themselves and understand how to review this type of evidence.
What would be the most applicable registration to aim for, for a new professional to the field of cyber?
You may be eligible to apply for our Associate Professional Registration Title. Please read through the requirements on our website. If you have any further queries, you can contact any of the Licensed Bodies or the Council for future assistance.
Will the presentation be made available?
Yes. If you have not received it, please email standards@ukcybersecuritycouncil.org.uk
Prior to taking part in the 'professional discussion' do you receive any guides of what to expect during those discussions to enable the best possible preparation?
Candidate guidance is available via the Licensed Bodies. You should expect the discussion to be guided by the UKCSC SPCC and contextualised standard by specialism.
If I require additional support for the ‘professional discussion’ who do I contact and can I see any of the pre questions in advance?
If you need specific details as a reasonable adjustment, Licensed Bodies will be able to provide these. You should not expect to receive a full list of questions or similar in advance as this will be a discussion rather than a test.
Must you continue to maintain a CIISEC membership alongside the UKCSC registration for the future?
Each Licensed Body has their own membership requirements which may or may not be linked to the registration fees. Please contact the Licensed Body directly to determine these requirements.
Expressions of interest on the UK Cyber Security Council website for Chartered, Principal and Associate are currently closed to new submissions. When will this reopen?
We had a few technical difficulties with the form during March 2024. It is planned for these to be resolved and the form back open from April 2024.
Please note, the expression of interest form is a way to join a communications list, it is not the first step in an application. Applications are processed end-to-end by Licensed Bodies.
If you are unsuccessful at, say achieving Chartered status, can you be awarded a lower level alongside your feedback?
We would expect you to apply for the Professional Title that best fits your knowledge and competence. If, during the assessment process it looks like you would be more suited to an alternative, the Licensed Body may inform you, however, it is not a requirement of the process to do so.
Are there any exemptions for the required experience for professional registration for active ISC2 and ISACA certified professionals? What about members of another cyber security organisation?
No, but the experience and knowledge gained through these certificates and memberships will be helpful when you put together your evidence.
Are all discussions / interviews virtual, is there an in-person option?
This is dependent on the Licensed Body and their process / preference. The Council supports either and both approaches.
Exams in support of the Security Testing pathway are in-person.
If you need reasonable adjustments to the interview process, including moving from online to in-person or vice versa, please contact the Licensed Body handling your specialism.
If I have over 20 years of Audit and Assurance experience in Info & Cyber Security with some technical knowledge but a broad amount of experience across multiple clients in various industries, would I best be placed to apply for Chartered status?
Please refer to the UKCSC SPCC https://www.ukcybersecuritycouncil.org.uk/media/un0j1eur/v-4-21-12-22-uk-csc-spcc.pdf to understand the professional registration title that would be most appropriate, and the career framework https://www.ukcybersecuritycouncil.org.uk/careers-and-learning/cyber-career-framework/ for the appropriate specialism.
If you went for chartership in one area and then a new pathway is created can you apply for this also or is there a way to map over without having to go through the application process?
The Council are researching and collaborating with Licensed bodies to develop a process to move from one specialism to another to ensure mobility within the industry. Individuals are welcome to hold professional registration across various specialisms. At the Chartered level we expect a good knowledge of several other specialisms so expertise in two specialisms does not necessarily mean you need to hold two titles.
Have the armed forces been engaged about this?
We have engaged armed forces stakeholders in our work, and many registrants have an armed forces background. We cannot comment on the input of specific stakeholders to specific documents.