The Articles declare CREST’s objective is “to represent the Information Security Industry”.
In order to achieve this, CREST will:
- offer a demonstrable level of assurance of the processes and procedures of member organisations
- validate the competence of technical information security testers
- promote the application of high quality, secure information security testing, response, design and other services
- make available an up to date list of accredited organisations who have the resources, experience and appropriate qualifications to deliver these services
- maintain a register of individuals who have successfully achieved the technical qualifications required to ensure competency in these services
- enforce Codes of Conduct for accredited individuals and organisations
- ensure that accredited individuals and organisations remain abreast of emerging trends and new technologies
- disseminate information deemed of interest and relevance to members, qualified individuals and other appropriate organisations
- work closely with skills organisations, academia and training bodies to develop a structured approach for entry into the industry
- establish professional development pathways
- promote good practice and standards internationally
The Articles of Association are also supported by a legally-binding suite of Bye-Laws that determine the day-to-day operation of CREST.