Chartership: A Background
Royal Charters, granted by the Sovereign on the advice of the Privy Council, have a history dating back to the 13th century.
A Royal Charter for our industry
The UK Cyber Security Council has been granted Royal Chartered status, as a result of which it now has the power to set the standards of the industry and award professional titles for those working in the cyber profession.
A royal charter is defined as the following by the Privy Council; “an instrument of incorporation, granted by The King, which confers independent legal personality on an organisation and defines its objectives, constitution and powers to govern its own affairs.”
A professional body must hold a Royal Charter from the British Monarch in order to have the ability to award chartered status to its members. Now that the UK Cyber Security Council has full royal charter status, they are able to launch the chartership scheme for the industry in earnest.
What is Chartership?
Collins dictionary defines chartered as “a professional person having attained certain professional qualifications or standards and acquired membership of a particular professional body”
There are many other professions that already have established chartership schemes including accountants, journalists, teachers and engineers. The professional body that awards chartered status, (in the case of the cyber industry the UK Cyber Security Council), must create a list of required criteria for those seeking chartership. This usually pertains to a certain level of skill or experience being achieved within their role.
Whilst this can be demonstrated through work experience, a certain level of qualification, such as post graduate or industry specific certification is usually required. It is also commonplace for the professional body to implement a code of conduct to ensure those that are chartered uphold the standards and reputation that comes with being a member of that particular professional body. This code often sets out what constitutes best practice within the industry; if a chartered member is found to be neglecting these standards and risking the reputation of their profession, they can have their chartership removed or cancelled.
To maintain chartered status as an individual there is often a requirement to do continued professional development or CPD. Most chartered professions have the requirement that a stipulated number of CPD hours are credited per year to illustrate continued professional growth and that the registrant is keeping up with new ideas and technologies.
An example of established chartership: Chartered Accountant
To become a charted accountant, you are required to hold an ACA qualification. This qualification takes between three to five years to complete and involves different phases. Part of this is completing 450 days of work experience with an ICAEW (Institute of Chartered Accountants in England and Wales) authorised training employer. You also must register as a student with ICAEW, if you have already completed a relevant qualification, you may be exempt from certain modules. To complete the ACA, you must “demonstrate that you have: completed 450 days of work experience at an ATE; passed 15 exam modules; undertaken professional development; and have advanced your ethical understanding and professional scepticism.”[11]
To gain a better understanding of the structure for achieving chartered status in the cyber industry read the UK Cyber Security Council’s route to chartership here.
Chartership provides confirmed proof that your professional skills have been acquired in a work-based, practical environment.
Their original purpose was to create public or private corporations (including towns and cities), and to define their privileges. Nowadays, though Charters are still occasionally granted to cities, new Charters are normally reserved for bodies that work in the public interest (such as professional institutions and charities) and which can demonstrate pre-eminence, stability, and permanence in their particular field.
Professional bodies are defined as dedicated to the advancement of the knowledge and practice of professions through developing, supporting, regulating, and promoting professional standards for technical and ethical competence. They are concerned with the public benefit as well as the reputation of professionals.
Chartership of the Cyber Security profession has been on a journey since the creation of the first National Cyber Security Strategy, as our understanding of the challenges around Cyber and Information Security has developed. Today, we have three chartered bodies who bring a range of strengths to the profession.
- The Worshipful Company of Information Technologists (2010)
- The Chartered Institute of Information Security – CiiSEC (2019)
- The UK Cyber Security Council – UKCSC (2022).
The UKCSC is the sole body in the UK that can award professional titles.
Yes, there are lots of ‘professionals’ in this sector. However, the creation of the UKCSC is to ensure that there is consistency in the use of that term in line with how HMG defines Professions and professionals.
Does Chartership make a difference?
Yes. This has been proven to gain public confidence and international recognition in many other areas of society where we have national level need to understand competencies and define qualification frameworks for professionals in areas such as Healthcare, Education, Legal, Social Care, Transport plus others.
In the UK’s National Cyber Security and cyber resilience aims we have clear need for effective cyber security across all professions and disciplines in their day-to-day use of technology and the need to protect the often very sensitive data that they handle on behalf of the public. It is therefore important that other regulated professions and professional bodies have confidence that the Cyber Security Profession meets the same stringent professional standards that they themselves must adhere to.
Is Cyber Security a regulated profession?
No. But the UKCSC has been created to provide increased confidence to regulators across all sectors in the professional standing of individuals offering Cyber Security advice/consultancy.
How Chartership Differs from CHECK
The CHECK Assured service provider accreditation scheme differs from Chartership in that the organisation is CHECK accredited as opposed to the individual. CHECK is awarded to companies to illustrate they have the ability and methodology to provide CHECK level testing using approved testers. Chartership is for the individual and does not rely on the individual’s current employer. Professional Registration will create a clear indicator of an individual’s experience within the industry, as opposed to the clearance level or ability of the organisation they work for. While evidence for Professional Registration will resemble the skills, knowledge and behaviours required to pass a CSTL exam, the on-the-job experience an individual can prove will be much more important.