Establishing Chartership in the cyber security industry
Chartered professions have existed since 1272, chartered status proving a professional’s ability and credibility and providing confidence and assurance of their knowledge and skills to employers, clients, and the public. Chartership additionally provides confirmed proof that your professional skills have been acquired in a work-based, practical environment.
Gaining chartered status through professional registration demonstrates commitment to professional standards such as the Council’s code of conduct, practice, and ethics. This also proves an ongoing commitment to continued professional development to ensure expertise and competence evolves, is up to date and relevant.
By aligning experience and expertise with a professional’s area of specialism in cyber security to a nationally recognised standard of competence, they clearly demonstrate their level of expertise and that they belong to a network of respected and prestigious cyber security specialists[1].
A History of Chartership
Royal Charters, granted by the Sovereign on the advice of the Privy Council, have a history dating back to the 13th century.
Their original purpose was to create public or private corporations (including towns and cities), and to define their privileges. Nowadays, though Charters are still occasionally granted to cities, new Charters are normally reserved for bodies that work in the public interest (such as professional institutions and charities) and which can demonstrate pre-eminence, stability, and permanence in their particular field.
Professional bodies are defined as dedicated to the advancement of the knowledge and practice of professions through developing, supporting, regulating, and promoting professional standards for technical and ethical competence. They are concerned with the public benefit as well as the reputation of professionals.
Chartership has been on a journey since the first National Cyber Security Strategy, as understanding of the challenges of Cyber and Information security has developed. Today, we have three chartered bodies who bring a range of strengths to the profession.
- The Worshipful Company of Information Technologists (2010)
- The Chartered Institute of Information Security – CiiSEC (2019)
- The UK Cyber Security Council – UKCSC (2022).
The UK Cyber Security Council (UKCSC)
The purpose of the UK Cyber Security Council (“the Council”) is to support the UK Government’s National Cyber Security Strategy to make the UK the safest place to live and work online, and aims to leverage all available expertise, relevant standards, and guidance to deliver practical advice to the profession.
The UKCSC is the sole body in the UK that can award professional titles.
Yes, there are lots of ‘professionals’ in this sector. However, the creation of the UKCSC is to ensure that there is consistency in the use of that term in line with how HMG defines Professions and professionals.
Does chartership make a difference?
Yes. This has been proven to gain public confidence and international recognition in many other areas of society where we have national level need to understand competencies and define qualification frameworks for professionals in areas such as Healthcare, Education, Legal, Social Care, Transport plus others.
In the UK’s National Cyber Security and cyber resilience aims we have clear need for effective cyber security across all professions and disciplines in their day-to-day use of technology and the need to protect the often very sensitive data that they handle on behalf of the public. It is therefore important that other regulated professions and professional bodies have confidence that the Cyber Security Profession meets the same stringent professional standards that they themselves must adhere to.
Is Cyber Security a regulated profession?
No. But the UKCSC has been created to provide increased confidence to regulators across all sectors in the professional standing of individuals offering Cyber Security advice/consultancy.
The UKCSC has set out 5 key pillars in its 2025 strategy which include:
- Professional Standards
- Setting the standards for practitioners across the sector
- Professional Ethics
- Creating and ensuring cyber professionals adhere to our Code of Ethics
- Careers & Learning
- Providing guidance on how to join and progress within cyber security.
- Outreach & Diversity
- Striving for an inclusive and representative sector
- Thought Leadership & Influence
- Positioning the Council as the voice of the profession
The principles outlined here are to build on the significant body of investment and knowledge surrounding Cyber and information security risk and pull some of those threads together with a consistent national view as set out in the UK Cyber Security Strategy and the UK’s Cyber Security Skills strategy. The aim is to enable organisations and businesses to plan internal workforce development, and to know what to expect from someone holding professional titles.
We have created additional information on how to become chartered; in the meantime please read the resources outlined by the Council here. [3].
Professional Standards
The UK Cyber Security Council launched a pilot of the attainment of professional standards as part of their commitment to helping make the UK become the safest place to live and work online. They believe it will create a universally recognised standard providing a level of certainty around the skills and competencies associated with each level of professional title. This will also help to create a clear roadmap of routes into the profession and how to best progress within it. Additionally, this will also help to bring the cyber sector in line with other professions such as engineering or accountancy, which already have successful models for providing chartered professionals. The over arching aim for the pilot was to bring clarity for both cyber practitioners and employers across the UK looking for cyber expertise by introducing a universally recognised professional standard for the industry.
The council are introducing three different titles aligned to the councils professional standard: Associate, Principal, and Chartered. Applicants to the programme who are applying for the Security Testing specialism will be judged against the Council’s professional standard and will assessed by The Cyber Scheme. Applicants must be able to evidence their ability and industry experience, aligned with their specific specialism.[2]
"The Cyber Scheme has worked with the National Technical Authority (CESG/NCSC) for Information and Cyber Security for several years. The business case for establishing an independent body to oversee the Cyber Security profession is welcome recognition of the scale of the challenge at a national level across all sectors and roles within the economy and society more widely. "
Andy Jones – Strategy Director for The Cyber Scheme Tweet
What does this mean for CCP?
At its completion the Chartership scheme will have chartered professional titles which align to sixteen cyber security specialisms. If you hold a legacy role-based certification through the CCP scheme you are no longer able to renew, and this legacy scheme has now closed. If your certification was awarded from 2021 onwards it will remain valid for three years from when the latest validation was granted. After this period, you can then apply to the chartership scheme through the council.
If you hold a CCP certification you can apply via a top-up process to Chartered or Principal professional registration. Please read more here.
[1] UK Cyber Security Council. (n.d.). Professional Titles. [online] Available at: https://www.ukcybersecuritycouncil.org.uk/professional-standards/chartership-and-professional-titles/#:~:text=Provide%20confidence%20and%20assurance%20of [Accessed 14 Jun. 2023].
[2] UK Cyber Security Council. (n.d.). The Council’s Route to Chartership. [online] Available at: https://www.ukcybersecuritycouncil.org.uk/professional-standards/the-council-s-route-to-chartership/ [Accessed 16 Jun. 2023].
[3] UK Cyber Security Council. (n.d.). How to Become Chartered. [online] Available at: https://www.ukcybersecuritycouncil.org.uk/professional-standards/how-to-become-chartered/ [Accessed 16 Jun. 2023].