Incident Response (English)

Laatst gewijzigd op: 10-11-2025

When resolving a cyber incident, speed and expertise are crucial. By choosing a service provider with the CCV Incident Response certification mark, you are assured that the service meets proven quality standards in handling digital incidents.

Nederlands

Incident Response refers to the set of actions taken following a cyber incident. This includes analysing the damage, containing the attack, removing malware, restoring systems, and providing advice on future security measures.  

An effective incident response service acts quickly, carefully, and in alignment with the specific situation of the affected organisation. The goal: to limit the damage and prevent the incident from happening again.

Why a certification mark for Incident Response?

When companies experience a cyber incident, it can be difficult to assess which service providers are trustworthy. Business owners must make quick decisions about whether a service is reliable. The Incident Response certification mark makes the quality of these services visible.

With the quality mark:

You can be confident that the service provider responds quickly, even in acute situations.
You can rely on a structured approach, from triage to reporting.
You receive advice on recovery, communication, and legal follow-up steps.
You can trust that the process is carried out by qualified professionals.

There are two variants of the quality mark:

Incident Response (basic): availability during office hours.
Incident Response 24/7: continuous availability, including for new clients without a contract

Curious about the level of cyber risk in your business?

Complete the Risicoklassenindeling Digitale Veiligheid. By answering nine questions, an assessment is made from risk class 1 to 4. You will then immediately receive useful tips on how to start strengthening your cybersecurity.

What are the requirements for obtaining the certification mark?

Certified service providers must meet requirements in areas such as:

Response time: confirmation within 30 minutes, triage initiated within 2 hours.
Triage and analysis: insight into impact, causes, and necessary measures.
Communication: clear division of roles, designated contact person, advice on next steps.
Security and recovery: removal of harmful elements, restoration of systems.
Reporting: final report including root cause analysis and advice on prevention.
Quality and staff: qualified teams, secure processes, annual evaluations.

Publication and application of the certification scheme

The Incident Response certification scheme was published by CCV on 4 August 2025. Certification bodies can now enter into a license agreement with CCV. From 3 November, service providers can apply for certification through an accredited certification body.

Finding qualified service providers

From November 2025, qualified service providers will be published on hetccv.nl/bedrijven.

Nieuws

5 november 2025

Nieuwe e-learning helpt ouderen beschermen tegen digitale oplichting

5 november 2025

Dienstverleners Incident Response kunnen zich melden bij certificatie-instellingen met een pre-licentie

4 november 2025

CYRA-OT gelanceerd: nieuwe stap naar een cyberweerbare OT-omgeving

Wil jij als eerste op de hoogte zijn van nieuwe tools, webdossiers en bijeenkomsten over criminaliteitspreventie?