CREST Registered Technical Security Architect

The CREST Registered Technical Security Architect Examination (CRTSA) tests candidates’ knowledge and expertise in a common set of core skills and knowledge for systems architects.   In preparation for the role of Technical Security Architect, it is important that candidates understand its purpose which can typically be summarised as driving beneficial security change into a business through the development or review of architectures so that they:

The exam is aimed at individuals seeking to align themselves with the role of a Senior Security Architect and looking to achieve CCP Architect certification (see below).  Successful candidates will have a strong technical ability aligned with experience to recommend high level solutions.  The exam assumes that without adequate technical understanding it is not possible to perform a satisfactory and meaningful risk assessment of the implications of a particular architecture.  Success will confer CREST Registered status to the individual.

Candidates should be able to:

Examination Format
The examination is assessed in both Written Multiple Choice and Written Long Form (scenario).  The multiple choice section measures breadth of technical knowledge;  the scenario paper focuses on design and analysis skills.

You can download the following documents from the links below:

Syllabus for the Registered Technical Security Architect examination
A generic Guide to the Examination

The Registered Technical Security Architect examination costs £395 + VAT.  The examination is currently delivered at CREST examination centres.

Recommended Preparation Material
The following material and media has been cited as helpful preparation for this examination by previous candidates:


Practitioner Certificate in Information Assurance Architecture (PCIAA)
Certified Information Systems Security Professional (CISSP)
Any Information Security Masters Course from a reputable University

It is also recommended that candidates consider common architectures and try to document possible weaknesses and countermeasures.  Candidates should also familiarise themselves with common security solution components and how they can be used.

Useful Information for Candidates
How to book
Details of the Logistics and Timings of CREST examinations can be found in the Examination Preparation pages for your country of choice
CREST’s Policy for Candidates requiring special arrangements including additional time to accommodate a medical condition (including examinations delivered via Pearson Vue)
Terms and Conditions for CREST Examinations (includes hard disk drive wiping policy)

CESG Certified Professional Scheme

Successful completion of this examination will enable candidates to be considered for the CESG Certified Professional Information Assurance (IA) Architect at Senior/Lead level.

As part of the Government’s investment in cyber security, a consortium was appointed by the NCSC (formerly CESG) to provide certification for UK Government Information Assurance (IA) professionals.  The consortium was awarded a licence to issue the CESG Certified Professional (CCP) Mark based on the IISP Skills Framework, as part of a certification scheme driven by the NCSC.

The consortium comprises CREST, the Institute of Information Security Professionals (IISP) and Royal Holloway’s Information Security Group (RHUL), with CREST providing examination for the more technical roles, the IISP certifying competency and RHUL supporting with their experience in setting rigorous and consistent assessment processes.

The certification process is designed to increase levels of professionalism in Information Assurance and uses the established IISP Skills Framework to define the competencies, knowledge and skills required for specialist IA roles. Developed through public and private sector collaboration by world-renowned academics and security experts, the Framework was adopted by GCHQ as the basis for its CESG Certified Professional specification.

This builds on the IISP’s existing competency-based membership programmes, so not only will an individual be certified, but their areas of specialism will be recognised, offering the individual and their customers greater confidence that an individual has the right skills and experience for a role.

For the IA Architect role at Senior/Lead level, candidates will need to have passed the CREST Registered Technical Security Architecture (CRTSA) examination from CREST.  After successfully passing the CREST examination, candidates will be called for interview by the IISP.

Applicants can gain certification in one or more of the following roles:

Details of the application process and the requirements for this role can be found on the IISP website