NCSC CHECK Programme

CHECK status for individuals

The IT Health Check Service or CHECK, was developed and introduced by the National Cyber Security Centre (NCSC) to identify vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system for HMG and the wider public sector of systems handling protectively marked information.

The NCSC and CREST work in collaboration to provide a set of examinations that are acceptable to industry and meet the requirements of private and public sectors. The NCSC now requires all existing and future CHECK Team Leaders and Members to have passed an approved professional examination designed to test for a basic grounding in the discipline.

NCSC will accept a pass from one of the following examinations when approving CHECK Team Leader and Team Member status:

  • CHECK Team Leader (Infrastructure) - CREST Certified Infrastructure Tester examination
  • CHECK Team Leader (Web Applications) - CREST Certified Web Application Tester examination
  • CHECK Team Member - CREST Registered Penetration Tester examination

It is important to note that obtaining passes in the above examinations do not guarantee CHECK Team status. You will also be required to obtain Security Clearance and to ensure the organisation you work for adheres to the rules set out by the NCSC for CHECK Providers.

CHECK Team Leader and Member certifications are valid for 3-years, after which you will need to re-certify. For more information on this, we recommend checking out the NCSC website.

CHECK Status for your organisation

If you are interested in your organisation becoming an NCSC approved CHECK provider of penetration testing services, The NCSC sets high standards for CHECK Service Providers against which all new applicants are measured.

All CHECK companies must meet the following criteria:

  • Your company must be able to sign-up to English law
  • Your company must have performed penetration testing service under the company name for a minimum of 12 months
  • All proposed team members must be able to hold SC clearance
  • You must have a minimum of one team member who has passed a CHECK Team Leader examination, and have at least 12 months penetration testing experience

If your company meets this criteria and you wish to apply, please send an email to [email protected] with confirmation of the above; your company will then be provided with an application form.