Regions icon
Membership icon
Certification icon

CREST Registered Technical Security Architect

The CREST Registered Technical Security Architect Examination (CRTSA), which is currently under review, tests candidates’ knowledge and expertise in a common set of core skills and knowledge for systems architects.   In preparation for the role of Technical Security Architect, it is important that candidates understand its purpose which can typically be summarised as driving beneficial security change into a business through the development or review of architectures so that they:

  • Fit the business requirements for security
  • Mitigate the risks and conform to relevant security policies
  • Balance information risk against the cost of countermeasures

The exam is aimed at individuals seeking to align themselves with the role of a Senior Security Architect and looking to achieve CCP Architect certification (see below).  Successful candidates will have a strong technical ability aligned with experience to recommend high level solutions.  The exam assumes that without adequate technical understanding it is not possible to perform a satisfactory and meaningful risk assessment of the implications of a particular architecture.  Success will confer CREST Registered status to the individual.

Candidates should be able to:

  • Design and implement secure IS architectures
  • Understand the responsibilities of a Security Architect
  • Identify information risks that arise from potential solution architectures
  • Design alternate solutions to mitigate identified information risks
  • Ensure that alternate solutions or countermeasures mitigate identified information risks
  • Apply ‘standard’ security techniques and architectures to mitigate security risks
  • Develop new architectures that mitigate the risks posed by new technologies and business practices
  • Provide consultancy and advice to customers on intrusion analysis and architectural problems
  • Supervise Security Architects reporting to them and understand the difficulties that they may face

Examination Format
The examination is assessed in both Written Multiple Choice and Written Long Form (scenario).  The multiple choice section measures breadth of technical knowledge;  the scenario paper focuses on design and analysis skills.

You can download the following documents from the links below:

Syllabus for the Registered Technical Security Architect examination
A generic Guide to the Examination

For costs and availability please refer to individual country booking. The examination is currently delivered at CREST examination centres.

Recommended Preparation Material
The following material and media has been cited as helpful preparation for this examination by previous candidates:


Practitioner Certificate in Information Assurance Architecture (PCIAA)
Certified Information Systems Security Professional (CISSP)
Any Information Security Masters Course from a reputable University

It is also recommended that candidates consider common architectures and try to document possible weaknesses and countermeasures.  Candidates should also familiarise themselves with common security solution components and how they can be used.

Useful Information for Candidates
How to book
Details of the Logistics and Timings of CREST examinations can be found in the Examination Preparation pages for your country of choice
CREST’s Policy for Candidates requiring special arrangements including additional time to accommodate a medical condition (including examinations delivered via Pearson Vue)
Terms and Conditions for CREST Examinations (includes hard disk drive wiping policy)

CESG Certified Professional Scheme

Successful completion of this examination will enable candidates to be considered for the CESG Certified Professional Information Assurance (IA) Architect at Senior/Lead level.

As part of the Government’s investment in cyber security, a consortium was appointed by the NCSC (formerly CESG) to provide certification for UK Government Information Assurance (IA) professionals.  The consortium was awarded a licence to issue the CESG Certified Professional (CCP) Mark based on the IISP Skills Framework, as part of a certification scheme driven by the NCSC.

The consortium comprises CREST, the Institute of Information Security Professionals (IISP) and Royal Holloway’s Information Security Group (RHUL), with CREST providing examination for the more technical roles, the IISP certifying competency and RHUL supporting with their experience in setting rigorous and consistent assessment processes.

The certification process is designed to increase levels of professionalism in Information Assurance and uses the established IISP Skills Framework to define the competencies, knowledge and skills required for specialist IA roles. Developed through public and private sector collaboration by world-renowned academics and security experts, the Framework was adopted by GCHQ as the basis for its CESG Certified Professional specification.

This builds on the IISP’s existing competency-based membership programmes, so not only will an individual be certified, but their areas of specialism will be recognised, offering the individual and their customers greater confidence that an individual has the right skills and experience for a role.

For the IA Architect role at Senior/Lead level, candidates will need to have passed the CREST Registered Technical Security Architecture (CRTSA) examination from CREST.  After successfully passing the CREST examination, candidates will be called for interview by the IISP.

Applicants can gain certification in one or more of the following roles:

  • Accreditor
  • IA Auditor
  • Communications Security Officer / Crypto Custodian
  • Information Security Officer
  • Security & Information Risk Advisor
  • IA Architect

Details of the application process and the requirements for this role can be found on the IISP website