How Does CREST Operate?

CREST is the not-for-profit accreditation body representing the technical information security industry. CREST operates domestic chapters within countries, delivering tailored services that are focused on the needs of the local cyber security market.

These chapters are governed by an elected local executive of experienced security professionals, and draw upon strategic guidance from government, industry and the buying community.

CREST International is an international umbrella organization that orchestrates activities between regional chapters, whilst also providing a consistent accreditation and certification framework between individual chapters and countries. CREST International has representation from regional chapters, to ensure that the worldwide vision and strategy is aligned to the needs of the International cyber security ecosystem.

CREST provides internationally recognized accreditation for organizations and individuals providing penetration testing, cyber incident response and threat intelligence services. All CREST Member Companies undergo regular and stringent assessment. CREST qualified individuals have to pass rigorous examinations to demonstrate knowledge, skill and competence and are regularly re-examined to ensure that they have retained and maintained this capability.


CREST operates 4 regions, with individual chapters then being aligned to regions. Chapters have responsibility for aligning their strategy with that of the local domestic market. CREST International, provides overarching strategic direction, and provides shared administrative and operational capability to regions and chapters. CREST International has overarching

responsibility for coordinating consistent accreditation and certification programs across chapters and regions.