CREST is a not-for-profit accreditation body that represents the technical information security industry. As part of this, CREST provides internationally recognized certifications for organizations and individuals providing penetration testing, cyber incident response, cyber threat intelligence, and security architecture services. Member companies undergo a rigorous assessment and certification process that looks at methodologies, legal and regulatory standards, staff vetting and data handling.
CREST-qualified individuals have passed challenging professional-level examinations that demonstrate their knowledge, skill, and competence. Company assessments and individual qualifications are underpinned by a strict and enforceable code of conduct. CREST examinations and processes have been reviewed and approved by CESG, the Information Security arm of GCHQ. CREST has member companies in a number of countries and a formally established Chapter in Australia
The CREST Cyber Security Incident Response Scheme (CSIR) is endorsed by GCHQ and CPNI and focuses on appropriate standards for incident response from all sectors of industry, the public sector, and academia. In addition, the CREST Security Architecture examination is formally recognized under the UK CESG Certified Professional Scheme.
CREST, jointly with CESG, developed a technical assessment and certification framework for the Cyber Essentials scheme. The CREST assessment and certification for Cyber Essentials balances security and affordability, to enable widespread adoption of the scheme to organizations of all types and sizes.
Working alongside the Bank of England (BoE), CREST developed a framework to deliver controlled, bespoke, intelligence-led cybersecurity tests that replicate behaviors of those threat actors, assessed by Government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions.