When buying any professional service, organisations need assurances that the supplier the engage is reputable, trustworthy, competent and, while they hope not to need them, that it has a clear complaints and resolution process in place.
Cyber security is no different, and CREST accredits, certifies and quality assures 300 member companies worldwide.
Our rigorous accreditation process covers the policies, processes and competencies that member companies have in place for delivery of their services.
Member companies also abide by our enforceable Codes of Conduct and Ethics and our Complaints and Resolution Measures.
Our members operate worldwide, each offering a range of services and specialisms.
All members must complete a rigorous application process which examines their quality processes and procedures; compliance with standards compliance (e.g. ISO27001, ISO9001); professional indemnity insurance; contract management; informational security processes; complaint handing and conflict of interest policies.
Prospective members can apply for membership in specific cyber security disciplines such as Penetration Testing, Red Teaming, Threat Intelligence and Security Operations and Incident Response. Each discipline has its own assessment criteria and we review the specific methodologies, competencies and experiences against an ever-enhancing set of expectations and norms.
Member companies delivering CREST-accredited services in specific disciplines must used suitably competent and qualified individuals who are registered and issued with CREST IDs. This provides a further level of assurance for buyers.
We run exams to assess the skills, knowledge and competencies of individual cyber security professionals. Our internationally recognised certifications are awarded as a kitemark of excellence, with candidates demonstrating their capabilities in time-boxed written and lab-based examinations.
By combining the accreditation of member companies with the certification and assessment of their employees, CREST has unique insight that enables us to signpost skilled and competent service providers back to the buying community.
Historically there has been very little in the way of barriers to individuals or organisations proclaiming to be expert in cyber security.
Almost anyone with a computer and a reasonable knowledge of IT systems has been able to set themselves up as a provider of cyber services and due to the complexity of the language, buyers have often found themselves receiving services that fall short of their expectations or needs.
The CREST approval process addresses the asymmetry of information that exists in the cyber security industry by delivering world class accreditation, certification and skills and competency measurement services.
Unless you know exactly what cyber security service you need and which supplier you want to deliver it, then finding the right company can be challenging.
We are aware of that and have created an easy-to-use, interactive online process to assist organisations looking to acquire cyber security services.
By answering a series of straight forward questions, you can filter our database of 300 accredited and assured member companies to create manageable lists of high-quality providers.
When you find a supplier you like you can contact them directly through the online contact form or you can request them to call you back. The whole process is designed to be an easy, intuitive and quick way for organisations to connect with CREST approved service providers.