Certified Cyber Professional (CCP)

CCP - CESG Certified Professional

Please bear with us whilst we update this website and relevant information, to the new NCSC branding.

Certified Cyber Professional (CCP) - the certification framework by NCSC for competent Information Assurance (IA) professionals.


Statement released by the National Cyber Security Centre (NCSC) 31 May 2017

"The National Cyber Security Centre (NCSC) is committed to the CCP scheme which over the last 5 years has set the skills benchmark for cyber security professionals. The growing demand for cyber security expertise in the private and public sectors means that CCP needs to evolve to help the NCSC meet the challenge of making the UK the safest place to live and work online. The first step we’re making in CCP's evolution is to review what evidence people will need to present to demonstrate their competence and gain certification in future. For those already certified this will be done in a way that allows a transitional period. We will keep you informed of our progress."

GCHQ's Certified Professional (CCP) scheme, delivered through the NCSC, is a certification framework for competent Information Assurance (IA) professionals. Individuals can choose to be certified in one or more specified IA roles, at several levels of competency. 

CCP certification will enable you to demonstrate to an employer that you possess the competencies, knowledge and skills needed to be an IA professional. CCP has been acknowledged as HMG’s standard for cyber security professionals. NCSC is the UK Government’s National Technical Authority for Information Assurance. APMG is working with NCSC to deliver the Certified Professional scheme.

CCP Testimonial

Register now

Why was CCP Introduced?

CCP enables improved matching between the public and private sector requirements for IA professionals and the capability and competencies of individuals to perform common IA roles. The framework was developed by CESG (now NCSC) in consultation with government departments, industry, academia, members of the CESG Listed Advisor Scheme (CLAS), and the NCSC approved certification bodies.

With the growing prevalence of cyber-criminals and more frequent attacks on organizations’ sensitive information assets, the UK Government has made it a top priority to strengthen the UK’s cyber security defences. NCSC is working in co-operation with other government departments to address the UK’s shortage of skilled cyber-security professionals – Certified Professional was developed as part of this initiative. 

Who is the Scheme For?

CCP is aimed at IA professionals working in both the private and public sectors. It allows for knowledge, experience and skills to be demonstrated at several levels of competence. Certified Professional can help organizations when selecting IA professionals for assignments and it can be used to guide professional development of employees.

The Benefits of CCP:

For Individuals:

  • Independent verification and formal recognition of your IA skills and competence.
  • Better matching between public and private sector requirements for IA expertise and the competence of individuals providing such expertise.
  • Clearer career path development.
  • You are part of a recognized and growing professional body from which employers can recruit.
  • CCP is a requirement for NCSC approved IA/cyber security consultancy.

For Employers:

  • Provides employers with the confidence that Certified Professional individuals will have been independently and rigorously assessed.
  • Certified Professionals will have demonstrated their expertise in IA/cyber security.
  • Use of the scheme in-house to ensure development of own practitioners.
  • Use of the scheme to influence suppliers to employ certified professionals to help reduce exposure to supply chain risks and gain confidence in supplier’s ability to manage risks to your and their information effectively.



“The Certified Professional (CCP) certification is increasingly seen as a de-facto standard for Cyber Security and IA practitioners in UK industry and public services. As ONR's lead for auditing and regulating Cyber Security and Information Assurance across the whole of the UK’s civil nuclear sector, I need to be assured that the sector is staffed by competent professionals who have been rigorously and independently assessed for their knowledge, skills and experience. CCP provides that verification. CCP is the UK Government’s approved standard for cyber security professionals. Appropriate CCP recognition also meets ONR's regulatory expectations for Suitably Qualified and Experienced cyber security and information assurance Professionals (SQEP) who are working in, or providing support to, the UK civil nuclear industry."

Robert Orr, Head of Cyber Security & Information Assurance Regulation, Office for Nuclear Regulation

IA Roles

Candidates interested in the CCP scheme can choose to be certified in one, or more of the following IA roles:

  • Accreditor
  • IA Auditor
  • Communications Security Officer/Crypto Custodian
  • IT Security Officer/Information Security System Manager/ Information Security System Officer
  • Security and Information Risk Advisor
  • IA Architect.

​The certification scheme features three levels for each of these roles. The levels are Practitioner, Senior Practitioner, and Lead Practitioner. For more detailed information please refer to the NCSC's About The Certified Professional page 

How to Apply

If the CCP scheme is of interest to you  – please complete the registration process here.

IA Certification Process

Our assessment process for all roles and levels will be interview based, incorporating feedback from referees who you have worked for or alongside, in order to determine whether you meet the competencies expected of the role. The entire process is online.  For more detail on the assessment process, please download our brochure.





  • Who is APMG? Updated: 22/04/2015
  • Why should I get my certification with APMG? Updated: 22/04/2015
  • Are there any pre-requisites to the scheme? Updated: 22/04/2015
  • How will the assessment be done? What is the assessment process? Updated: 11/05/2015
  • If I request a face to face interview, where will I need to travel to? Updated: 11/05/2015
  • How long will it take to get certified? How long does the process take? Updated: 11/05/2015
  • When will the assessments be carried out? Updated: 11/05/2015
  • What happens if my evidence is classified? Updated: 11/05/2015
  • How long is the certification valid for? Updated: 11/05/2015
  • Will I get a certificate? How secure is the certificate? Updated: 11/05/2015
  • Can I apply for more than one role on my application? Updated: 11/05/2015
  • Who will conduct the assessments? Who are your assessors? Updated: 05/08/2015
  • Are there any additional requirements during the period of certification? Updated: 11/05/2015
  • How much is it? Updated: 11/05/2015
  • What can I call myself after I certify? Do I get letters after my name? Updated: 11/05/2015
  • Must I be of a certain seniority level? Updated: 11/05/2015

Why choose apmg

  • APMG services focus on high-quality. 
  • APMG is accredited by the United Kingdom Accreditation Service (UKAS).
  • APMG has heritage in the cyber security field.
  • APMG is the only certification body providing GCHQ Certified Training assessments.

Benefits of Certified Cyber Professional (CCP)

For Individuals:
  • Independent verification and formal recognition of your IA skills and competence.
  • Better matching between public and private sector requirements for IA expertise.
  • CCP is a requirement for NCSC approved IA/cyber security consultancy.
For Employers:
  • Employers will be confident that CCP individuals will have been independently and rigorously approved.
  • Certified professionals will have demonstrated their expertise in IA/cyber security.