Regions icon
Membership icon
Certification icon

The CREST OVS Accreditation Process

The accreditation process

CREST OVS provides increased levels of assurance for application security assessments.

The programme has been built in consultation with OWASP, and it measures an organisation’s ability to execute and deliver assessments related to Level 1 and Level 2 of OWASP’s Application Security Verification Standard (ASVS) and Mobile Application Security Verification Standard (MASVS).

By leveraging the ASVS and MASVS, CREST is formally supporting the Open Source community to build and maintain global standards.

Organisations are required to apply to CREST OVS and demonstrate at the corporate level that they can deliver the programme requirements.

In addition to this, to become accredited to OVS organisations need to ensure that their teams have all completed the Skilled Persons Register, and individually signed the CREST Code of Conduct.

CREST OVS has a series of explicit requirements designed to harness the capabilities of the organisation and the skills and competencies of its security testers. It will provide the highest levels of assurance to buyers of application security assessments.

This programme will be able to offer higher levels of assurance to buyers of application security assessments services than any programme that has been launched previously.

A tiered approach

Based on OWASP’s ASVS and MASVS frameworks, the CREST OVS provides the industry with a comprehensive accreditation service that is founded on global open source standards.

Members can be assessed against the frameworks at both levels 1 & 2.

This ensures a rigorous process that delivers a world-class accreditation to successful applicants.

Industry alignment

There is flexibility in the ASVS and MASVS to deliver a standards-based programme for different industries.

The expectation is that CREST OVS Accredited Providers will signpost the right programme for industry.

As part of the sign-off process, service providers will formally attest that they believe the ASVS/MASVS level chosen was correct.