Examination Material - Final Statement

26 August 2021:  CREST has published a detailed statement on the investigation into the unauthorised posting online of exam-related material. The statement is available to download here:
Investigation Statement

♦ ♦ ♦ ♦ ♦

10 May 2021:  CREST can further update members on the progress of the Investigation Review Process.

Since the last update on 18 February, we have been working through a detailed Investigation Review Process that began after CREST received the Report of the Independent Investigator on 24 December last year. The Process is ongoing.

As part of the Process and in addition to the appointment of an Independent Investigator, a Panel has been established drawn from the elected CREST GB Executive.  The role of the Panel is to ensure that the Process undertaken is fit for purpose, that the material gathered and documented as part of the investigation is rigorous and that any subsequent observations are fair.

The Report of the Independent Investigator contains information that was obtained in confidence and, therefore, in line with both the terms of the Process and CREST’s Complaints and Resolution Measures, the Report is confidential and cannot be made public.

CREST will, however, issue a detailed statement at the conclusion of the Process.

We appreciate your ongoing patience and understanding.

Throughout, CREST has been working closely with the National Cyber Security Centre (NCSC) to manage any potential impact on the CHECK Scheme.

For all queries contact [email protected]

♦ ♦ ♦ ♦ ♦

18 February 2021:  Following our last communication to you on 22 December 2020 about the independent investigation into the depositing of material relating to CREST exams in the public domain, CREST can advise that we have reached the following stage in the process.

CREST is now considering the Report of the Independent Investigator, including any actions arising from it. We will also consider observations on the Report, made by NCC Group, which have now been received by CREST.

Further updates will be provided as soon as we are able.

We thank you for your ongoing patience.

For all CREST releases relating to the posting of the material, please continue to visit https://www.crest-approved.org/

For all queries contact [email protected]

♦ ♦ ♦ ♦ ♦

22 December 2020:  Further to our previous updates on the depositing of material relating to CREST exams in the public domain, CREST can announce that the independent investigation into the circumstances is close to completion.

The thorough nature of the independent investigation, carried out by former Detective Chief Inspector Adrian Lennox-Lamb, has meant a longer timeframe than was originally envisaged. In this, we are extremely appreciative of the patience and understanding shown by CREST members and others.

CREST is also deeply appreciative of the comprehensive nature of Mr Lennox-Lamb’s work and can now share the following information with you:

We appreciate the interest from members relating to the investigation and CREST will issue further updates, when we are able, in the New Year.

Thank you again for your continued patience and understanding.

For all CREST releases relating to the posting of the material please visit https://www.crest-approved.org/ 

For further information contact [email protected]

♦ ♦ ♦ ♦ ♦

21 October 2020:     Further to our previous updates, we wanted to confirm that the thorough and detailed forensic investigation is still ongoing and also to offer reassurance that CREST will provide updates once the investigation has concluded.  Until then, we are unable to provide any additional information. We also wanted to take the opportunity to thank everyone for their patience and understanding while the investigation is ongoing.

The confidential email address – [email protected] –  remains still available if you have relevant information about the unauthorised publication of the confidential material and you would like to contact the investigator.

♦ ♦ ♦ ♦ ♦

10 September 2020:     The independent investigator Adrian Lennox-Lamb has begun work and anyone who has information that may be relevant to the investigation can contact him via the confidential email address – [email protected].

Please rest assured, the identity of anyone contacting him at this email address will be known only to him.

Adrian Lennox-Lamb is a former Detective Chief Inspector and senior investigating officer, with experience of major crime investigation and anti-corruption.  He has over 12 years’ experience of workplace investigations in the public, private and third sectors and has no previous connections within the cyber security community.

♦   ♦   ♦   ♦   ♦

3 September 2020:    Further our previous updates on 12th, 17th and 20th August (see below), we wanted to provide a further update on what CREST has been doing to support the investigation into the recent deposit of confidential exam material into the public domain.

Firstly, the independent investigator has begun work ascertaining the full circumstances.  He would like to hear in confidence from anyone who may have relevant information about the unauthorised publication of the confidential material and urges them to contact him via a confidential email address ([email protected]).  Anyone with information can be fully assured that their identity will be known only to the investigator and will not be disclosed to any other parties.

Secondly, the investigator will be working with the NCSC to support their own investigation into the leaked material as well as liaising directly with NCC Group.  The timeline for the investigation will be defined at the end of this week (4 September).

Finally, our thanks go to our assessors and the exam development group who have worked hard to create new content for our Certified Infrastructure and Certified Web Applications examinations.  We will be able to recommence delivery of these practical examinations from 7 September for Infrastructure and from 5 October for Web Applications.  All of the affected candidates have already been provided with these dates and will be given priority for examination bookings.

We will provide further updates when we have them.

♦   ♦   ♦   ♦   ♦

20 August 2020:   Following our most recent communication dated 17 August, we wanted to let you know that the CREST (GB) Executive has voted in Rob Dartnall to act as Interim chair in place of Mark Turner (NCC group).  Rob Dartnall is CEO and Director of Intelligence for Security Alliance Ltd, a Cyber Threat Intelligence company.  Mark Turner is recused for the duration of the investigation.  In addition to this, all NCC Group assessors have temporarily stepped away from any activities related to CREST examinations.

CREST would also like to announce that an independent investigator has been appointed.  He is a former Detective Chief Inspector and has been selected for his independence, integrity and investigatory skills.

We have also appointed legal counsel to advise CREST and to oversee any necessary dialogue with NCC Group, the investigator or any other third parties involved.  This is to further ensure the independence of the investigation.

As a reminder, all CREST Certified Infrastructure Tester (CCT Inf) and CREST Certified Web Application Tester (CCT App) practical examinations have been suspended while the examination content is updated.  This decision was taken to protect the integrity of the examinations and the subsequent certifications.  It is anticipated that the update will be complete within the next 3-4 weeks and the syllabus will not change.

CREST will be interfacing and co-operating with other independent investigations.

We will provide further updates when we have them.

♦   ♦   ♦   ♦   ♦

17 August 2020:
     CREST is aware that further documents were posted online on Saturday 15 August 2020. To ensure that the integrity of the CREST Certified Infrastructure Tester (CCT Inf) and CREST Certified Web Application Tester (CCT App) certifications are maintained, these CCT practical examinations will be suspended while the examination content is updated.  It is anticipated that this will be complete within the next 3-4 weeks and we will be speaking to those candidates who are scheduled to take examinations in August and September to keep them informed of progress.

All candidates due to take CCT practical examinations this week and next have already been informed.  The syllabus will not change.

♦   ♦   ♦   ♦   ♦

12 August 2020
:     Further to our earlier statement on 11 August – see below – you may already be aware some content was posted by an unidentified individual on Github that appears to be training material from NCC Group for CREST examinations.  This is currently being investigated.  We are sure you appreciate that an investigation of this nature takes time.  However, we wanted to update you fully on the current position:

1.  The data publicised has been reviewed by the assessors’ panel and falls into three categories:

  1. Content which is not judged to relate to examination content and appears to be internal training material.
  2. Content which relates to current or recent past examination content, whose purpose appears to be to instruct others in passing the examination rather than providing technique instruction in a more general sense.
  3. Content which makes unsubstantiated suggestions including that further examination content exists, whose purpose appears to be to instruct others in passing the examination.

2.  The content is of no technical value to candidates looking to undertake a CREST practical exam.

3.  The content falling under (a) will be reviewed and tested against evidence.  This will also ensure we understand its compliance with the wider set of CREST policies.

4.  NCC will be providing further details in relation to the content falling under categories (b) and (c) in a written response to CREST.  The route that the investigation takes, and the consequential next steps, will depend on the responses that are provided.

5.  NCC are co-operating fully with CREST.

6.  The assessors have confirmed that the content which falls under (b) is no longer current; this was deprecated in components between June 2018 and July 2020.

CREST will be appointing an independent panel to investigate the case including the extent to which NCC were aware, or should have been aware, of the content of their training material.  For the avoidance of doubt, the CREST GB Chair, Mark Turner (NCC Group) has recused himself from any involvement in this investigation.

CREST takes breaches of its non-disclosure agreements very seriously and expects high standards of ethical behaviour from both its member companies and those holding CREST qualifications.  CREST will take appropriate action once its investigation has been completed.

We fully understand all of the concerns that have been expressed and this investigation will take full account of them.  Further updates will be provided as soon as we have them.

♦   ♦   ♦   ♦   ♦

11 August 2020:     CREST is aware of the content that has been posted by an individual on Github. We have conducted our initial investigation and this does not affect the integrity of current CREST examinations. The content appears to mainly be internal training material produced by member company. There is also a small amount of old exam material that has been posted by the individual however this is out-of-date and is no longer used in CREST examinations. We can confirm that neither the “crestnda” or the “crestapproved”  replies on Github were posted by CREST and that these accounts are not affiliated with us in any way.  We are continuing to investigate this incident.