CREST is a not-for-profit accreditation and certification body and trade association that represents and supports the technical information security market. CREST was set up in 2006 in response to the clear need for more regulated professional services and is now recognised globally as the cyber assurance body for the technical security industry.

CREST provides internationally recognised accreditations for organisations and individuals providing penetration testing, cyber incident response and threat intelligence services. All CREST member companies undergo stringent assessment; while CREST qualified individuals have to pass rigorous professional level examinations to demonstrate knowledge, skill and competence. CREST also supports the industry by providing in-depth guidance material and commissioning detailed research projects.

All CREST research is provided to the industry free of charge. Through CREST’s demanding accreditation process, organisations buying security testing and incident response services get the assurance that:

  • • The services will be delivered by trusted companies with best practice policies and procedures.
  • • The work will be conducted by highly-qualified individuals with up to date knowledge, skill and competence to deal with all the latest vulnerabilities and techniques used by real attackers.
  • • Both the company assessments and individual qualifications are underpinned by meaningful and enforceable codes of conduct.