Only already listed teams can become accredited. Any registered team that is serious about it's service can gain accreditation. Accreditation is performed by the TI following a standardised process which takes between one and four months, depending on the current status and preparation as well as the feedback received during this process. A one-time accreditation fee (800 EUR, VAT might be charged) and an annual fee (1200 EUR, VAT might be charged) ensure the continuity of the TI services for the community.

To apply for accreditation every team needs to follow these steps:

  1. An accreditation candidate must be "listed". If a team is not yet listed, it must apply for registration first.
  2. To apply for accreditation, the team just needs to send a simple request to the TI team.
  3. The TI team will start the accreditation process by sending a formal "invitation package" to the potential candidate. This package contains all the materials needed to prepare for a successful completion of the accreditation.
  4. Within four weeks the formal acceptance of the process requirements need to be signed and then send by fax and postal mail to the TI team. Once the letter has been received, the formal status of the team will changed to "accreditation candidate" and the TI community will be notified accordingly.
  5. Starting from the recognition as candidate the team has three month to submit a completed set of documents outlining the required statements and materials.
  6. The TI team will verify and assess all the materials that have been send by the candidate and may ask additional questions. This verification and feedback cycle usually takes one to four weeks on average, depending on the level of interaction. Please be advised that the successful verification of the candidate must be finalised within the available three months.
  7. Once the TI team has verified that the candidate has met all requirements, the status of the team is changed from "listed" to "accredited". The candidate as well as the TI community are formally notified thereof. With the new status the team gains access to the complete set of TI Services.
  8. If at any stage during this process the candidate does not meet the requirements or misses the deadlines, the invitation will expire or the accreditation process will fail. Any team can only be invited twice within any given period of one year.

Eight month after a team has been accredited it can apply for TI Certification.

Related Materials

Useful materials for this process are:

  • Example of an invitation package including appendices A to E (accreditation requirements and forms, definitions and background information)
  • RFC-2350 (support is obligatory): Internationally established fill-out form for CERTs to basically state who they are and who they serve, when and how they can be reached, what their services are and how they handle and disclose information with due care. Filling out and publishing RFC-2350 is a MUST for TI Accredited teams since May 2009.
  • Information Sharing Traffic Light Protocol (FIRST Version 1.0, support is obligatory): Started in the community of governmental and national CERTs, this highly pragmatical set of rules for information sharing has been adopted as de facto standard by the European security and incident response community in 2009. Many years later in 2016 FIRST made slight changes and published it's own version 1.0. To have a globally accepted TLP and to avoid irritations for all teams involved, the TI Accredited teams adopted this as a standard for all information sharing.
  • TI CSIRT Code of Practice (Version 2.4, recommended to use): The first Code of Practice for CERTs and security teams was adopted by the TI Accredited teams as recommendation in 2005. This was a first step towards making professional ethics explicit in the TI community, and as such a step in increasing a team's maturity. In 2017 an updated version was presented by a working group and adopted by the TI Accredited teams.