Incident Response Retainer

Beware of Cyber Crime: our NFIR CERT provides immediate help and experts listening 24/7 to better protect your organization from IT security incidents. Get a guarantee of efficient and adequate assistance within 3 hours with our Incident Response Retainer.
NFIR beeldmerk kleur
NFIR beeldmerk kleur

Incident Response Retainer

Beware of Cyber Crime: our NFIR CERT provides immediate help and experts listening 24/7 to better protect your organization from IT security incidents. Get a guarantee of efficient and adequate assistance within 3 hours with our Incident Response Retainer.

With an Incident Response Retainer Contract, your organization can count on immediate and adequate assistance from experts on the NFIR Computer Emergency Response Team. You use this service 24/7 365 days a year when your organization becomes a victim of Cyber Crime or faces other security incident requiring immediate assistance. By building a relationship with your organization’s crisis team and understanding the relevant processes and technology within your organization, quick and appropriate action can be taken. The triage and containment phase will be a lot more efficient because of proper preparation and knowledge about your IT infrastructure and processes.

Your organization can reduce the likelihood of an IT Security incident, but completely eliminating it is nearly impossible. The impact of an incident is not limited to financial loss, but often causes reputational damage as well. The impact and damage of an incident often becomes much greater if swift and appropriate action is not taken immediately upon discovery of the incident. If you are well prepared then you have an Incident Response plan and the crisis team within your organization is assembled and practiced. Almost all organizations deploy the help and expertise of external cyber security specialists in the event of an IT security incident. A Computer Emergency Response Team supports triage and containment (recovery) of affected systems and forensically secures data to further investigate the cause and impact of the incident. Because cybercrime is common today, Cyber Security specialists are regularly busy offering help to other organizations. You want to be able to count on the party that has your trust and knows your organization. NFIR has introduced an Incident Response Retainer so you have the guarantee that you can count on the expertise of the NFIR CERT within 3 hours. And not only that. In preparation for a possible incident, we make very important preparations together with your organization to be able to act quickly and appropriately if necessary.

Efficient and fast help is essential for your organization

With the deployment of the Incident Response Retainer, we can help your organization quickly and efficiently. Much faster than when you first contact us and we do not yet know your IT infrastructure, procedures and crisis team. Our Computer Emergency Response Team (CERT) will provide on-site or immediate remote assistance in handling your IT Security incident within 3 hours at your location. By building a relationship with your organization’s (intended) crisis team and being well-prepared for relevant processes and technology, appropriate action can be taken when necessary. This saves a lot of valuable time, increases the likelihood that the impact of an incident can be mitigated and, therefore, the direct costs of a Security Incident.

What does an Incident Response Retainer offer?

Incident Response Retainer

Always reachable and available

The CERT is available to you 24/7 and 365 days a year and available through an Incident Response emergency number

Incident Response Retainer

Fast response times

We guarantee that the CERT will mobilize and provide assistance within 3 hours at your location (or directly remotely).

Incident Response Retainer

Permanent IT security partner

A steady IT-Security partner at your side with a lot of incident experience who takes the reigns in the event of Security Incidents.

Incident Response Retainer

Incident & Forensics readiness inventories

Biennial Incident & Forensics readiness inventories to know your processes, technology, stakeholders and crisis organization.

Incident Response Retainer


NFIR CERT uses Incident Response & Forensics tooling Velociraptor. Ideally, these tools should be rolled out preventively.

Incident Response Retainer

Evaluations after handling an incident

Completed IT security incidents are evaluated with your crisis organization

Reliable research by a certified team

NFIR is an official Computer Emergency Response Team (CERT). NFIR’s CERT consists of certified and experienced Incident Responders, Digital Forensic Investigators and committed Project Leads. The CERT has mastered SANS Incident Response procedures and employees hold relevant certifications. If a CERT performs on-site Incident Response work, NFIR will bring the necessary equipment and tooling to operate independently during an IT Security incident. In addition, NFIR is a Private Investigation Agency and holds a POB license issued by the Ministry of Justice and Security (POB number 1672). We are authorized to conduct investigations of natural persons and comply with applicable laws and regulations and the Privacy Code of Conduct of the industry association BPOB of which we are a member.

Want to learn more about the Incident Response Retainer, what terms and conditions apply and what preparations we make to help your organization quickly and appropriately if you encounter an IT Security Incident? Then contact us for a no-obligation appointment. We will be happy to inform you about the service, all terms and conditions and the annual fee.

  • Triage: the aim of this step is to identify the source(s) and affected devices and/or systems, set priorities based on these and determine the plan of approach for further research. At the same time, data is safeguarded in a forensic way for possible further investigation.
  • Containment:this process involves restoring affected devices and/or systems and verifying security so normal operations can resume.
  • Post incident activities: When the incident is resolved, a forensic investigation report is prepared. The report proposes solutions to prevent a similar event from occurring in the future. NFIR can also support and/or advise in the communication towards the Data Protection Authority, attorney at law and other parties involved.

CERT stands for Computer Emergency Response Team. The attribute is awarded by Carnagie Mellon University to companies and teams involved in digital security incidents. In the Netherlands, there are a number of official CERTs of large organisations involved in combating cyber incidents, such as the NCSC, the IBD, the Ministry of Defence, telecom organisations and banks.

The aim of the incident response team is to minimise the impact of the cyber incident as quickly as possible so that the continuity of your organisation is no longer at stake.

The Incident Response team is always provided with the right digital forensic equipment to serve the clients directly on location. NFIR continuously invests in fast, reliable and leading equipment and tooling that allows multiple Incident Response teams to operate simultaneously.

  1. Contact NFIR’s Computer Emergency Response Team (088-133 0700).
  2. The CERT takes action. All necessary equipment is packed and within 3 hours the CERT is on site
  3. On site, the intake is conducted with all stakeholders to gather all available information about the incident.
  4. After granting the order, triage on the affected systems will be started.
  5. As soon as it is clear which systems have been affected or need further investigation, data will be secured according to a digital forensic procedure.
  6. In the containment phase, the affected systems are restored and security is verified to prevent a recurrence of the incident
  7. In the post-incident phase, the secured data is further digitally forensically examined. As many answers as possible are given to the research questions and the subject matter of the research. All findings and recommendations will be included in a report that will be delivered at the conclusion of the incident. This report can be used for internal and external purposes (such as supervisors and for legal proceedings).

This is not necessary in all cases, but often the client wants to know the extent of the incident and supervisors ask questions that can be answered by conducting an investigation. In all cases, NFIR is obliged to provide a report.

Companies mainly benefit from good preventive measures and direct help from security professionals in the event of a cyber security incident. NFIR offers a Cyber Security Support Contract that meets this exact need. For a small amount per year, without excess, we offer a very valuable package of preventive and reactive services and your organization is assured of the very best help!

Companies benefit from good preventive measures and direct assistance from security professionals in the event of a Cyber Security incident. NFIR meets exactly this need with its Security Contracts.