We are a membership organisation and member representatives shape our activities and policies through our elected councils and other channels.
Members sit at the heart of everything we do. Our governance structure is designed to ensure that we democratically represent the diverse nature of our member companies, their international interests and the technical cyber security disciplines around which our industry is based.
Our umbrella body is CREST International which is a not-for-profit company limited by guarantee. Our strategy is aligned to that of nurturing global capability, capacity, consistency and community and is not tied to any country-specific agenda.
Our activities currently cover five global regions: North America, Asia, Australasia, EMEA and the UK. We offer central services in support of these regions which includes accreditation, certification, governance, communication and much else.
Each region is served by an elected council drawn from member companies operating in the region and we currently have Regional Councils covering North America, Asia, Australasia, Europe and the UK.
The Regional Councils manage the country-specific interests of member companies. The Councils encourage buyers to use our member companies for added reassurance of quality of service and to encourage the upskilling of technical cyber security professionals in the region.
The chairs of the five Regional Councils sit on the International Council which also comprises international representatives of each of the primary industry disciplines as well as senior members of CREST International staff.
Responsibility for the day-to-day running of CREST International is the responsibility of a senior management team.
We, our members and those holding our certifications are governed by a series of strict codes and policies which you can access via the links on the right of this page.
For governance, complaints and any operational enquiries, please email: