Security and Incident Response teams manage the handling of information security incidents within their organisation or network - their tasks broadly range from prevention and awareness raising, via incident detection to the actual tracking and resolving of incidents and drawing lessons from that. The Trusted Introducer Service - a.k.a. TI - was established by the European CERT community in 2000 to address common needs and build a service infrastructure providing vital support for all security and incident response teams.

To safeguard the trusted environment, a comprehensive set of processes has been defined, outlining what it takes to participate and to maintain a team's status within the TI community. This requires a long-term commitment from the participating teams and individuals, and the TI processes emphasize the need for continuous improvement and maintenance as regular tasks. Although many years have passed since the first team was created, only very few standards apply to these processes. To provide a consistent overview for anyone interested, the different de-facto standards are explained on the public TI web page:

https://www.trusted-introducer.org/processes/standards.html

The TI service differentiates between four categories:

  • teams are
    • listed, which provides basic information about the team itself and shows endorsement of the team by the TI community;
    • accredited, which ensures a defined level of best practices and acceptance of the established TI policies for such teams;
    • certified, if they have been accredited before and prove a confirmed level of maturity as defined by the TI SIM framework.
  • security experts can participate as TI Associates.

TI Accreditation and Certification require regular efforts to maintain the team's status. Such efforts are also expected from TI listed teams. To ensure a high level of trust within the TI community, TI listed teams that have not become accredited within three years are required to demonstrate the continuous support of the listing by the TI community. This is called "re-listing". The directory of the TI service can therefore be trusted to reflect a current and accurate snapshot of all teams listed, regardless of their status.

TI Certification is meant for those accredited teams who have internal and/or external reasons to have their maturity level gauged in an independent way. When the certification succeeds, the team can show this to their constituents, to their funding bodies, and to other parties they want to cooperate with. The certified teams are and stay part of the community of accredited teams - the certification can be seen as extra branding providing its own benefits for such teams. Again, to maintain this expectation over time, a re-certification is required every three years.