Designation of computer security incident response teamU.K.
5.—(1) GCHQ is designated as the CSIRT for the United Kingdom in respect of the relevant sectors and digital services.
(2) The CSIRT must—
(a)monitor incidents in the United Kingdom;
(b)provide early warning, alerts, announcements and dissemination of information to relevant stakeholders about risks and incidents;
(c)respond to any incident notified to it under regulation 11(5)(b) or regulation 12(8);
(d)provide dynamic risk and incident analysis and situational awareness;
F1(e). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
(f)establish relationships with the private sector to facilitate co-operation with that sector;
(g)promote the adoption and use of common or standardised practices for—
(i)incident and risk handling procedures, and
(ii)incident, risk and information classification schemes; and
(h)co-operate with NIS enforcement authorities to enable the enforcement authorities to fulfil their obligations under these Regulations.
[F2(3) The CSIRT may co-operate with or participate in international co-operation networks (including the CSIRTs network) if the CSIRT considers it appropriate to do so.]
Textual Amendments
F1Reg. 5(2)(e) omitted (20.1.2021) by virtue of The Network and Information Systems (Amendment etc.) (EU Exit) Regulations 2019 (S.I. 2019/653), reg. 1(2), Sch. para. 6(a); 2020 c. 1, Sch. 5 para. 1(1)