Accreditation

Accreditation overview

The limited barriers to forming a cyber security company, combined with the mushrooming demand for cyber services, mean that more and more start-ups have been formed in our sector. In addition, as the world becomes increasingly connected, there is likely to be sustained growth in demand for cyber security services.

Against this backdrop, our mission is to support our members in demonstrating their capabilities and competencies in a growing and increasingly crowded marketplace.

We are continually evolving our accreditation processes in response to demand, including the introduction of a tiered accreditation framework that gives members greater scope to market their services.

 

In accordance with our stated aim “to increase professionalism in the security testing industry”, we place requirements on member companies in order to ensure that consistent standards of services are delivered.

The requirements fall into 4 main areas:

  • Company operating procedures and standards
  • Personnel security and development
  • Approach to testing and response
  • Data security

Prior to applying to join, prospective member companies are encouraged to review the requirements documents and ascertain their compliance status.

Prospective member companies can apply for membership in any or all of the following disciplines (see Discipline requirements link on the right of this page):

  • Penetration Testing
  • Vulnerability Assessment
  • Intelligence-Led Penetration Testing (CREST STAR)
  • Threat Intelligence
  • STAR-FS
  • Cyber Security Incident Response
  • SOC

Application Process

You should first register an expression of interest in membership with us. You can do this by clicking the ‘register your interest’ button on the right of this page.

After receipt of an expression of interest, we will ask you to sign a mutual NDA. Once an NDA has been signed, we will provide you with login details to our Membership Portal.

The company membership application form is a comprehensive form requiring a prospective member company to provide evidence that they are compliant with the various CREST requirements.

During the application process, we will require copies of certain documents. These include:

  • General company details;
  • Copy of a professional indemnity insurance certificate or company letter confirming level of professional indemnity insurance;
  • Contract management, including a copy of a sample contract with terms and conditions;
  • Policies and procedures relating to the use of contractors, including a copy of a sample contract with terms and conditions;
  • Copies of standards compliance certificates (e.g. ISO27001, ISO9001);
  • Quality processes and procedures;
  • Information Security processes and procedures;
  • Complaint Handling and Conflict of Interest policies.

Please consult our Frequently Asked Questions regarding completion of the application form. Please note that all supporting documentation must be uploaded to the CREST membership portal for audit.

Each discipline has its own separate application form where CREST will review specific methodologies for delivering the service you are applying for.

Prospective Member Evaluation

Once your application has been submitted, one of the accreditation team will conduct a thorough review of your application based on the information provided in your application forms and supporting documentation. An application fee becomes payable once you have submitted your documents. Feedback will be provided within six weeks of submission. We reserve the right to carry out an onsite audit of your company against our standards.

Once feedback has been provided, you have 90 days to re-submit your application to us. There is no additional charge to do this. If the application is submitted outside of these 90 days, a new application may be required. Feedback will be provided to your point of contact during the review process so that any issues may be resolved.

In the event of a membership application not meeting the guidelines, further supporting evidence will be requested for review, prior to a decision being made.

Start Date and Duration of Membership

Your point of contact will be notified when your application has been approved. Your membership will start from the first of the next calendar month after notification and will be valid for one year. This is subject to receipt of any outstanding documentation and payment of your annual membership fee.

At the start of your membership, a certificate will be sent to the point of contact provided in your application form and your company details will be posted on this website based on the details provided within your application documentation.

Use of Contractors for CREST tests

We do not prohibit the use of contractors on CREST tests. However, it is essential that all members engaged in a CREST test follow our standards for conduct and methodology, and attestation to this is included in the membership application form.

To this end we require that contractors agree to follow the CREST approved procedures and methodologies of the company to which they are contracted.  This must be agreed in writing and form part of the contract, along with any further conditions as required by the end client.

Full details are available from [email protected]
