http://www.legislation.gov.uk/id/uksi/2018/506

PART 2The National Framework

Designation of computer security incident response team5.

(1)

GCHQ is designated as the CSIRT for the United Kingdom in respect of the relevant sectors and digital services.

(2)

The CSIRT must—

(a)

monitor incidents in the United Kingdom;

(b)

provide early warning, alerts, announcements and dissemination of information to relevant stakeholders about risks and incidents;

(c)

respond to any incident notified to it under regulation 11(5)(b) or regulation 12(8);

(d)

provide dynamic risk and incident analysis and situational awareness;

(e)

participate and co-operate in the CSIRTs network;

(f)

establish relationships with the private sector to facilitate co-operation with that sector;

(g)

promote the adoption and use of common or standardised practices for—

(i)

incident and risk handling procedures, and

(ii)

incident, risk and information classification schemes; and

(h)

co-operate with NIS enforcement authorities to enable the enforcement authorities to fulfil their obligations under these Regulations.

(3)

The CSIRT may participate in international co-operation networks if the CSIRT considers it appropriate to do so.