Codes of Conduct

A Code of Conduct sets out the principles, values, standards and rules of behaviour that guide decisions, procedures and systems in a way that contributes to the welfare of clients and respects the rights of all constituents affected by such operations.

Those involved in providing technical information security advice and services hold the role of trusted advisers, and there are duties arising from this role and obligations owed to others. This activity is outcomes-focused and concentrates on providing positive outcomes which, when achieved, will benefit and protect clients.

No Code can foresee or address every issue or ethical dilemma which may arise, and member companies and qualified individuals must uphold the intention of the codes as well as their letter.

Our Codes of Conduct contain basic principles of good business practice and ethics which are all-pervasive. They describe the standards of practice expected of member companies and individuals holding our certifications.

The codes set out our conduct requirements to enable member companies and certified individuals to consider how best to achieve the right outcomes for their clients.

For member companies this means conduct as described in, but not limited to, the submission made to us for membership: it is incumbent upon the company to ensure that all relevant staff, contractors and partners are aware of the policies, processes and procedures submitted and reviewed by CREST.

For individuals who hold our certifications this means that when providing services to a CREST member company, it is incumbent upon them to familiarise themselves with and comply with the policies, processes and procedures of that CREST member company, as they will be held to account for their actions.

The Codes are underpinned by effective client complaints handling measures.

Member companies and certified individuals are expected to exercise their own judgement, in a way that can be reasonably justified, to meet the requirements of our Codes of Conduct, and should seek advice from us if in doubt.

Our Codes of Conduct include requirements covering the following headline areas:

  • Promotion of Good Practices
  • Professional Representation
  • CREST Assignments
  • Regulations
  • Competencies
  • Client Interests
  • Sanctions
  • Ethics
  • Responsible Reporting