Governance

CREST International provides global support to regionally based CREST Chapters. CREST International currently operates 4 regions split across EMEA (Europe, Middle East and Africa), The Americas, Asia and Australasia. CREST International supports local countries to build their own CREST chapters, to service the needs of the local market. This is then supported by CREST International with research, certifications and accreditation programs being delivered consistently across the globe.

The CREST International structure is managed by representatives from individual chapters.  There are two legal directors who devolve responsibility to the International Executive for the day to day management of the organization.  In addition, there are a number of key executives that are employed by CREST International to deliver financial control, technical strategy, business development and support services.

CREST International is based in the UK, however it represents the needs of the global cyber security market.  As a consequence, its strategy is aligned to that of nurturing global capability, capacity and consistency and is not tied to any country specific agenda.

CREST hold a Register of Interests for the Executive which is reviewed at each bi-monthly meeting in order to maintain the integrity of the group.

CREST Codes of Conduct
The CREST Codes of Conduct contains basic principles of good business practice and ethics which are all-pervasive. They describe the standards of practice expected of Member Companies and individuals holding CREST certifications.

The Codes of Conduct set out CREST’s conduct requirements to enable Member Companies and Individuals holding CREST Qualifications to consider how best to achieve the right outcomes for their clients.

For Member Companies this means conduct as described in, but not limited to, the submission made to CREST for membership: It is incumbent upon the company to ensure that all relevant staff, contractors and partners are aware of the policies, processes and procedures submitted and reviewed by CREST.

For CREST Qualified Individuals this means that when providing services to a CREST Member Company, it is incumbent upon them to familiarise themselves and comply with the policies, processes and procedures of that CREST Member Company as they will be held to account for their actions.

The Codes are underpinned by effective client complaints handling measures.

Further details on our Codes of Conduct can be found here.

CREST Company Complaints and Resolutions
All CREST member companies have submitted policies, processes and procedures relating to their service provision to CREST. These have been fully assessed by CREST and have been deemed fit for purpose. Re- submission is required every year and CREST reserve the right to conduct a full re-assessment every three years to ensure currency.

CREST member companies must sign up to a binding and enforceable company Code of Conduct annual which ties them to their CREST submission. They also agree to align their complaints process with that of CREST. This forms the basis of any complaint resolution.

A copy of CREST’s Complaints and Resolution handling measures can be downloaded here:
CREST Complaints and Resolutions Process (PDF)

If you have a query, please email [email protected]

Impartiality
CREST regards impartiality as critical to our professional integrity and reputation in carrying out our membership and certification activities. In particular, the CREST Executive place emphasis on competence, the management of conflict of interest, confidentiality and the objectivity and professional ethics of all of our activities.

As such, CREST is committed to:

You can click on the link to download a copy of the CREST Impartiality Policy.

GDPR Compliance Statement
 You can read CREST’s GDPR Compliance Statement here.