Does XCIR cover the regulatory notification timelines IR teams must meet?

Yes, and this is a primary differentiator. Day 5 covers NIS2 Article 23 (24-hour early warning, 72-hour notification, monthly final report), DORA Article 17 (financial entity ICT incident classification), UK GDPR Article 33 (72-hour ICO notification for personal data breaches), and NHS DSPT mandatory incident reporting. Managing parallel regulatory notifications during an active incident is a critical practitioner skill that MCQ certifications do not develop.

Is XCIR suitable for NHS and public sector IR professionals?

Yes. XCIR is explicitly aligned to NHS DSPT incident reporting, NCSC IR guidance, and UK GDPR, making it directly applicable for NHS and public sector IR professionals. The NIS2 and NCSC alignment also supports Direct Award procurement justification for IR retainer services in UK government and healthcare.

What does the Day 6 live scenario involve?

Participants receive a simulated enterprise environment experiencing an active incident. They must triage, scope, contain, eradicate, and initiate recovery while meeting simulated regulatory notification deadlines and communicating with simulated leadership. The senior practitioner observes decision quality, regulatory compliance, and technical execution throughout the scenario.

What career paths does XCIR support?

Incident Responder (£50,000 to £90,000 UK), IR Team Lead (£70,000 to £110,000), DFIR Consultant (£700 to £1,400 per day), and Cyber Insurance IR Specialist. With the Practitioner Assessment Report, XCIR holders have documented evidence of live incident management capability rather than an exam result.

XCIR: Xcademia Cyber Incident Response Practitioner

Name: XCIR: Xcademia Cyber Incident Response Practitioner
Price: 3995 GBP
Availability: InStock

A cyber incident does not wait. When the call comes, the incident responder who has only passed a multiple choice test is dangerous. XCIR is built for professionals who need to perform under pressure: containing the attacker, preserving evidence, communicating with leadership, and meeting the regulatory notification timelines that NIS2 and DORA now mandate.

Across six instructor-led days, participants build capability across the complete IR lifecycle: preparation and planning, detection and scoping, containment strategy, evidence preservation, eradication, recovery, and post-incident activities. Sessions cover Windows and Linux IR, active directory compromise response, cloud IR across AWS and Azure, ransomware playbooks, insider threat response, and regulatory notification workflows aligned to NIS2 Article 23, DORA Article 17, and UK GDPR Article 33.

On Day 6, participants manage a live simulated incident from initial detection through containment, eradication, recovery, and final incident report. The senior practitioner observes decision-making, technical execution, communication, and regulatory compliance throughout. XCIR certificate and Practitioner Assessment Report issued together. Aligned with NIST SP 800-61, ISO 27035, CISA IR Playbooks, NIS2, DORA, UK GDPR, and NHS DSPT.

Hands-On Learning

Live IR scenario exercises covering Windows triage, active directory compromise response, cloud IR across AWS and Azure, ransomware containment, evidence preservation, and regulatory notification decision making under time pressure.

Mentor-Led Sessions

Mentor-led sessions covering real incident decision-making at key junctures: isolate or monitor, notify or investigate further, pay ransom or restore from backup. Drawn from real-world incident case studies.

Flexible Delivery Options

Ways to Learn

Choose the learning format that works best for you and your team

6 Days

Small cohorts

On successful completion of XCIR: Xcademia Cyber Incident Response Practitioner, learners are assessed on the final day through a supervised practitioner scenario. Three outcomes are possible, Certificate Awarded, Certificate Deferred, or Not Awarded. The Practitioner Assessment Report and certificate are issued together. Verified at xcademia.com/verify.

Certificate Awarded

Assessed competent on the final day.

Certificate Deferred

Resit available on a future cohort.

Not Awarded

Attendance record issued. Reassessment possible.

Exam & Certification Information

Everything you need to know about the certification exams

Awarding Organisation

GCIH is a 6-day course followed by a 5-hour open-book exam. Total cost is approximately $9,779. XCIR is 6 instructor-led days ending in a supervised live incident response scenario on Day 6: not an open-book exam but an observed real-time response engagement. The Practitioner Assessment Report documents your incident management decisions, regulatory compliance, and technical execution. Less than half the GCIH price.

XCIR: Xcademia Cyber Incident Response Practitioner

Course Overview

Hands-On Learning

Mentor-Led Sessions

Career-Ready Skills

Learning Outcomes

Prerequisites

Detailed Syllabus

Domain 1 : IR Foundations, Preparation and Detection

Module 1 : Incident Response Methodology and Preparation

Topics Covered:

Module 2 : Incident Detection, Triage and Scoping

Module 3 : Windows and Linux Incident Triage

Module 4 : Network Isolation and Containment Strategy

Domain 2 : Active Directory IR, Cloud IR and Ransomware Response

Domain 3 : Eradication, Recovery and Regulatory Notification

XCIR: Xcademia Cyber Incident Response Practitioner — Capstone Project

Framework Alignment

NIST SP 800-61

ISO 27035

CISA IR Playbooks

NIS2 Article 23

DORA Article 17 to 23

UK GDPR Article 33

NHS DSPT

NCSC IR Guidance

Skills You'll Gain

Career Progression

Ways to Learn

Live Online

Prefer a Faster, Personalised Route into IT?

Xcademia Certification Programme

Exam & Certification Information

Important Information

Frequently Asked Questions

Ready to Start Your Learning Journey?