Competence and Commitment

"We are excited to launch version 4.2 of the UK Cyber Security Council’s Standard for Professional Competence and Commitment (UK CSC SPCC). This latest version reflects the necessity for our Standard to adapt to the fast-paced evolution of the cyber security landscape. We remain dedicated to fostering the professional growth of cyber security professionals and recognising their competence. By incorporating lessons learned from the introduction of core Specialisms, as well as industry feedback and insights into emerging trends, we have ensured that our Standard remains both relevant and robust." - Vanessa Henneker - Chief Operating Officer for the UK Cyber Security Council (October 2024)

The UK Cyber Security Council Standard of Professional Competence and Commitment (UK CSC SPCC) is the overarching Standard which provides certainty around the skills and competences of the workforce, creating a clear route into, and progression through, the profession. The Standard supports our mission of the UK to become the safest place in the world to work and live online.

When applying for a professional registration title, you will need to demonstrate your individual competence through examples of evidence relating to your current knowledge and experience.

Evidence

The evidence will need to highlight you have the necessary knowledge underpinning the skills you have and decisions you make. This is referred to as Underpinning Knowledge and Understanding (UK&U). 

The examples of evidence you include, against each of the competences within the Standard, should indicate your individual competence rather than the competence of a team or group. For example, using ‘I’ rather than ‘We’ in your application.

Assessment

During assessment of your application against the UK CSC SPCC, Assessors will be looking to see where your UK&U was developed during your career that underpins your competence.

There are two ways of demonstrating UK&U:

• Through recognised qualifications, certifications, and further academic learning.

A guide to this has been provided below.

We are continuing work to map qualifications/certifications to the Standard, this includes work-based courses and/or academic courses and/or vendor qualifications/certifications.

• Through your career, known as work-based learning.

Assessors will assess your professional registration application to determine whether the work you have carried out reflects the knowledge and skills development expected against the Standard. It is important, therefore, that when completing an application, you provide examples of progression that detail the development of technical knowledge you have. Using the STAR (Situation, Task, Action, Result) technique may be a helpful approach to use within your application.

Professional Registration Standard: CSQF Requirements & Expected Equivalencies

(4) scqf.org.uk/about-the-framework/interactive-framework/

(5) sfia-online.org/en/sfia-7/responsibilities

(6)ciisec.org/CIISEC/News/CIISec_release_the_latest_version_of_the_Skills_Framework_V_2_4.aspx

(7) niccs.cisa.gov/workforce-development/cyber-security-workforce-framework

As the UK CSC SPCC is an overarching Standard, we are creating contextualisation across 15 industry areas to support professional registration in these areas. These are referred to as Specialisms. The 15 specialisms, listed here: Cyber career framework, provides detailed information about each specialism and pathways through them.

The Standard has been contextualised for the following Specialisms:

• Cyber Security Governance and Risk Management
• Secure System Architecture and Design
• Cyber Security Audit & Assurance
• Security Testing