Code of Conduct

The CREST Code of Conduct for Individuals describes the standards of practice expected of CREST Qualified Individuals providing technical information security services.

The CREST Code of Conduct for Individuals is intended for CREST Qualified Individuals working for or sub-contracted to a CREST Member Company who use the CREST name professionally.  It cannot and does not cover individuals who have passed a CREST examination but are not working or sub-contracting to a CREST Member Company.

Generic Definitions
CREST Member Companies mean companies that have been successfully assessed, agreed to the CREST Code of Conduct for Member Companies and paid the membership subscription.

CREST Qualified Individuals are those with a current CREST qualification working for or sub-contracted to a CREST Member Company.

CREST Assignments are those carried out by a CREST member company, utilising CREST Qualified Individuals and where CREST has been referred to in tender or contractual documentation.

The Codes
CREST Qualified Individuals are required to sign the CREST Code of Conduct for Individuals.  They must ensure that they are fully aware of and comply with the standards, policies and procedures defined in the CREST Member Application Form for the Member Company that they are working for and must conduct themselves in a professional and ethical manner.

The Codes of Conduct include requirements covering the following:

  • Promotion of Good Practices
  • Professional Representation
  • CREST Assignments
  • Regulations
  • Competencies
  • Client Interests
  • Sanctions
  • Ethics:  Honesty;  Prohibition of bribery, corruption and extortion;  Competition;  Integrity in business behaviour;  Application and Compliance
  • Guidelines on use of CREST logotype

There may be situations where there is a misunderstanding or dispute between a CREST Member Company and their Client.  The Codes of Conduct define the complaints and resolutions measures for an engagement that has been carried out as a CREST assignment.

This robust complaints handling procedure offers further assurance to the buying community.

CREST accepts no responsibility for the accuracy or validity of assertions or claims made by CREST Member Companies in their CREST Member Company Application Form.

CREST prescribes the method and rigor by which related services should be conducted but does not underwrite the result of the services provided by CREST Member Companies or CREST Qualified Individuals.

Click this link for a copy of the Code of Conduct for CREST Qualified Individuals