For the better part of a decade, UK buyers of cyber security services have had to rely on individual professional certifications, vendor reputation and a procurement officer's gut. There has been no straightforward way to verify that the firm sending the consultant has the institutional discipline behind them — only that the named consultant once passed an exam.
The Cyber Scheme is trying to fix that. At CYBERUK in Glasgow this week, the body is launching an Accredited Company Programme that ties an organisation's credibility to the verified competence of the people it employs, the standards it operates to, and the specialisms it actually delivers in. It opens to firms of any size, with accreditation granted by specialism — security testing, operational technology, incident response, secure operations, cyber security management, and governance and risk — rather than as a single blanket badge.
The mechanism matters because it dovetails with how regulated UK buyers are increasingly drafting their tenders. Procurement frameworks that mandate a "Professionalised Cyber Workforce" are becoming common, and accredited companies will be visible inside those frameworks via a forthcoming Accredited Company Register. Workforce capability is benchmarked against the UK Cyber Security Council's Chartered Cyber Security Professional standards, which The Cyber Scheme already assesses individuals against as the Council's largest Licensed Body.
Our accreditation programme is built on the principle that trustworthy services come from proven professional competence. The programme assures a company's services by confirming its workforce capability aligns with the UK Cyber Security Council's Chartered Cyber Security Professional standards.
Professionalisation doesn't stop with individuals. Skills, standards and continuous development must be embedded within the organisations delivering these services.
Two early adopters have spoken up. Jordan Glover, Director at JAG Secure, said the specialism-based recognition matters for boutique firms because it credits what they actually deliver rather than handing out a uniform stamp. Paul Toye, Managing Director at Cyber Guarded, framed it as a missing bridge between professional competence and organisational credibility.
The programme fills a critical gap by linking professional competence with organisational credibility, giving UK businesses confidence that the advice and services they receive come from trusted, independently verified professionals operating within their recognised specialisms.
The honest tension in any new accreditation scheme is whether the market actually demands it. The Cyber Scheme is betting that the combination of regulated procurement, the Council's professional registration framework, and growing buyer fatigue with unverifiable supplier claims has reached the point where a register of accredited companies will get used. If procurement teams cite the register, the programme works. If they don't, it becomes another logo on a website. The CYBERUK launch is the moment to find out which.
Read more: thecyberscheme.org/accreditation/
