Incident Response Retainer

Preparedness and 24/7 guaranteed immediate assistance for cyber incidents

Knowledge of your network, processes and crisis team allows us to act efficiently and appropriately in cyber incidents.
Your guarantee of the very best and fastest assistance in cyber incidents

Always available

The CERT is available to you 24/7, 365 days a year, through an Incident Response emergency number.


Fast response times

We guarantee that the CERT will mobilize and provide assistance within 3 hours at your location (or directly remotely).


Permanent IT security partner

A steady IT security partner at your side with a lot of incident experience who takes the reins in the event of security incidents.


Incident & Forensics readiness inventories

Biennial Incident & Forensics readiness inventories to know your processes, technology, stakeholders and crisis organization.



NFIR CERT uses the Incident Response & Forensics tool Velociraptor. Ideally, this tooling should be rolled out preventively.


Evaluations after handling an incident

Completed IT security incidents are evaluated with your crisis organization.

24/7 assurance of adequate cyber incident assistance

With an Incident Response Retainer Contract as cyber insurance, your organization can count on immediate and adequate assistance from experts on the NFIR Computer Emergency Response Team. You can use this service 24/7, 365 days a year, when your organization falls victim to cybercrime or faces other security incidents requiring immediate assistance. Because we build a relationship with your organization’s crisis team and understand the relevant processes and technology within your organization, quick and appropriate action can be taken. The triage and containment phase will be a lot more efficient because of proper preparation and knowledge about your environment and processes!

The Incident Response Team of NFIR

NFIR’s team consists of digital forensic investigators, ethical hackers and team leads who all have Incident Response experience. After notification of the security incident, a team is put together that gives its assessment. The size of the team depends on the type of cyber incident. Of course, all members of the team will work forensically during this process. All findings during the investigation will hold up in any lawsuit.

Preventing security incidents is obviously better than curing them. We are convinced that companies benefit above all from good preventive measures, both technically and in terms of awareness. For that reason, NFIR performs pen testing, provides Security Awareness services and offers the IR Retainer.


NFIR’s CERT consists of certified and experienced Incident Responders, Digital Forensic Investigators and committed Project Leads. The CERT has mastered SANS Incident Response procedures and employees hold relevant certifications. If a CERT performs on-site Incident Response work, NFIR will bring the necessary equipment and tooling to operate independently during an IT Security incident. In addition, NFIR is a Private Investigation Agency and holds a POB license issued by the Ministry of Justice and Security (POB number 1672). We are authorized to conduct investigations of natural persons and comply with applicable laws and regulations and the Privacy Code of Conduct of the industry association BPOB of which we are a member.

I want immediate and guaranteed help with Cyber incidents!

Want more information about the Incident Response Retainer, what terms and conditions apply and what preparations we make to help your organization quickly and appropriately should you experience a cyber incident? Then contact us for a no-obligation appointment. We will be happy to inform you about the service, all terms and conditions and the annual fee.

Don’t wait any longer and be assured of a certified crisis team in time of need today!

What clients have to say

  • Triage: the aim of this step is to identify the source(s) and affected devices and/or systems, set priorities based on these and determine the plan of approach for further research. At the same time, data is safeguarded in a forensic way for possible further investigation.
  • Containment: this process involves restoring affected devices and/or systems and verifying security so normal operations can resume.
  • Post incident activities: When the incident is resolved, a forensic investigation report is prepared. The report proposes solutions to prevent a similar event from occurring in the future. NFIR can also support and/or advise in the communication towards the Data Protection Authority, attorney at law and other parties involved.

CERT stands for Computer Emergency Response Team. The attribute is awarded by Carnegie Mellon University to companies and teams involved in digital security incidents. In the Netherlands, there are a number of official CERTs of large organisations involved in combating cyber incidents, such as the NCSC, the IBD, the Ministry of Defence, telecom organisations and banks.

The aim of the incident response team is to minimise the impact of the cyber incident as quickly as possible so that the continuity of your organisation is no longer at stake.

The Incident Response team is always provided with the right digital forensic equipment to serve the clients directly on location. NFIR continuously invests in fast, reliable and leading equipment and tooling that allows multiple Incident Response teams to operate simultaneously.

  1. Contact NFIR’s Computer Emergency Response Team (088-133 0700).
  2. The CERT takes action. All necessary equipment is packed and within 3 hours the CERT is on site.
  3. On site, the intake is conducted with all stakeholders to gather all available information about the incident.
  4. After granting the order, triage on the affected systems will be started.
  5. As soon as it is clear which systems have been affected or need further investigation, data will be secured according to a digital forensic procedure.
  6. In the containment phase, the affected systems are restored and security is verified to prevent a recurrence of the incident.
  7. In the post-incident phase, the secured data undergoes further digital forensic examination. As many answers as possible are given to the research questions and the subject matter of the research. All findings and recommendations will be included in a report that will be delivered at the conclusion of the incident. This report can be used for internal and external purposes (such as for supervisors and legal proceedings).

This is not necessary in all cases, but often the client wants to know the extent of the incident and supervisors ask questions that can be answered by conducting an investigation. In all cases, NFIR is obliged to provide a report.

Companies mainly benefit from good preventive measures and direct help from security professionals in the event of a cyber security incident. NFIR offers a Cyber Security Support Contract that meets this exact need. For a small amount per year, without excess, we offer a very valuable package of preventive and reactive services and your organization is assured of the very best help!

Companies benefit from good preventive measures and direct assistance from security professionals in the event of a Cyber Security incident. NFIR meets exactly this need with its Security Contracts.




The next 30 minutes are crucial!

The first 30 minutes after a cyber security incident are crucial because rapid response can limit damage, prevent further spread of the attack and secure essential evidence for investigation and recovery.

Our Computer Emergency Response Teams (CERT) are available 24/7 to support businesses and organizations during IT security incidents.

Does your company need professional help with a security incident?