The Cyber Security Incident Response (CSIR) Maturity Assessment Tool is a spreadsheet-based tool developed by CREST to help organisations evaluate the maturity of their cyber security incident response capability. The tool measures maturity on a scale of 1 (least effective) to 5 (most effective), structured around a maturity model based on 15 steps within a 3-phase cyber security incident response process. It is available in two formats: - High-level spreadsheet: for summary-level assessments - Detailed spreadsheet: for in-depth, granular assessments The tool was developed in collaboration with a broad range of stakeholders, including industry bodies, consumer organisations, the UK government, and suppliers of expert technical security services. Both spreadsheet versions are freely downloadable from the CREST website. A part-completed example is also available to aid understanding of how the tool is used. A detailed overview document is available as a separate downloadable PDF.