Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on Transitioning to ISO 27001:2022 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

Cyber Incident Exercising (CIE) Services

As an approved Cyber Incident Exercising (CIE) Assured Service Provider under the National Cyber Security Centre (NCSC) scheme, URM is ideally and uniquely placed to assist you with your cyber incident exercising.

NCSC Cyber Incident Exercising Scheme

As an approved Cyber Incident Exercising (CIE) Assured Service Provider under the National Cyber Security Centre (NCSC) scheme, URM is ideally and uniquely placed to assist you with your cyber incident exercising.  Through the scheme you can be assured that URM meets the NCSC’s rigorous standards for developing and delivering high quality cyber incident exercising, possessing the required skills and experience of creating bespoke and structured cyber incident exercises.

The NCSC CIE scheme, which is administered by IASME, focuses on the development and delivery of two types of cyber exercises:

  • Tabletop – this is a discussion-based exercise where URM designs a scenario developed from information gathered about your organisation, and where participants respond to a developing situation, escalating over time, as they would in a live incident in line with your organisation’s incident response plan.
  • Live-Play –  this type of exercise involves participants carrying out their roles and responsibilities in close to real time and in response to a controlled feed of information, representing a pre-agreed scenario designed by URM and agreed with your organisation.  Typically, URM delivers live play exercises with mature organisations looking for in-depth validation of plans.

The exercises are designed to simulate incidents which have a significant impact on a single organisation.  The scheme does not cover category 1 and category 2 incidents, as defined by the UK cyber incident categorisation system.

APPROVED CYBER INCIDENT EXERCISING (CIE) ASSURED SERVICE PROVIDER

  • CIE Assured Service Providers have been assured by the NCSC to develop and deliver controlled, scenario-based, tailored exercising that conforms to the NCSC CIE Technical Standard. These exercises are delivered for organisations that want to practise, evaluate, and improve their cyber incident response plans in a safe environment.
  • Cyber Incident Exercising. The NCSC's Cyber Incident Exercising (CIE) scheme gives customers confidence that CIE Assured Service Providers meet NCSC standards for high quality cyber incident exercising.

Get in touch

Please note, we can only process business email addresses.

Why URM?

URM is ideally placed to assist your organisation with your cyber incident exercising due to the unique combination of exercising experience and cyber expertise.  Since its formation in 2005, URM has been developing and facilitating incident response exercises.  Our team of incident management and cyber specialists is hugely experienced and skilled in devising challenging, original and appropriate scenarios which will exercise and validate your incident response plans.  Working closely with you, we will ensure the scenarios are realistic, have clear objectives in terms of raising awareness, assess how well participants understand the plans, as well as their own roles and responsibilities and how they work collectively as a team.  URM has worked with a wide range of incident management teams as part its exercising and with different areas of focus, from assessing the capabilities of senior management to IT teams, measuring the effectiveness of communication and identifying gaps between actual and expected time to recover.

One feature of our exercising over the last 10 years has been the increasing number of cyber-related exercises we have developed, addressing such threats as malware attacks, ransomware incidents, data breaches and phishing attempts.  This is an area where URM is able to excel by virtue of its cybersecurity knowledge supported by our CREST accreditation.  Our Technical Team possesses a deep understanding of cybersecurity principles, current threats, and attack methodologies and, as such, is able to develop exercises which are both cutting edge and highly realistic.

Cyber Essentials FAQ

Supplementing Cyber Essentials

Published on
11/7/2025

URM’s blog outlines the practical measures you can take following Cyber Essentials certification to further enhance your information & cyber security posture.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
16/6/2025
Lexcel: Deconstructing Your Information Management and Security Policy

URM explains each control law firms must include in an information management and security policy that complies with the Lexcel Practice Management Standard.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
6/6/2025
Understanding Lexcel and the Specialist Quality Mark (SQM): How Cyber Essentials Can Benefit Your Practice

URM’s blog explores how Cyber Essentials can help your legal practice enhance its security posture and achieve/maintain its SQM or Lexcel accreditation.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
1/5/2025
Cyber Essentials Questions Answered: Technical Requirements, BYOD Compliance and the Future of the Scheme

URM’s blog answers key questions about CE, focusing specifically on its technical requirements, use of BYOD, and how the scheme may change in the future.

Read more
"
It’s one thing having the required technical knowledge, it’s another thing for a consultant to apply that knowledge to the context of our organisation. To use a sporting analogy, we view cyber and information security as a marathon not a sprint. I am not a believer in doing everything all at once. Our approach has been risk based and incremental, remediating our biggest risks first before moving on. I believe this approach is far more sustainable and effective. And URM’s consultants fully understand this and are very pragmatic and tailored in their guidance and advice. They know we are not implementing ISO 27001 purely for the certificate, but more as a framework for continual improvement, and at a pace where new systems and processes can be fully understood and absorbed by our team and be business as usual.
The Owners and Distributors of Quality Brands
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.