Procuring Trusted Cyber Security Services

Posted by Jordan Healy on 24 June 2026

New guide helps organisations strengthen cybersecurity procurement and supplier assurance

CREST International publishes practical procurement guidance for organisations across Australia and New Zealand

Sydney, 24 June 2026 – CREST International has published a new Cybersecurity Procurement Guide for Australia and New Zealand, providing organisations with practical advice on selecting trusted cybersecurity service providers and strengthening supplier assurance.

As organisations continue to invest in cyber resilience and manage increasing third-party risk, procurement teams and security leaders face growing pressure to ensure cybersecurity services are delivered by capable, trustworthy, and professionally qualified providers.

The new guide has been developed to help organisations make more informed procurement decisions and provides practical considerations for procuring services including penetration testing, red teaming, threat intelligence, incident response, and Security Operations Centre (SOC) services.

Procurement decisions matter

Cybersecurity services can be complex and difficult to evaluate. Selecting the wrong provider can introduce operational, regulatory, financial, and reputational risks, while limiting the effectiveness of security investments.

The guide encourages organisations to look beyond cost and marketing claims by considering factors such as governance, professional competence, quality assurance, independent accreditation, and supplier maturity.

Supporting better buying decisions

The publication outlines:

Cybersecurity procurement best practices
Supplier evaluation and assurance considerations
The role of independent accreditation and certification
Practical procurement checklists
Recommended RFT and RFP wording
Guidance across key cybersecurity disciplines

The guide is designed for procurement professionals, CISOs, cybersecurity leaders, risk and compliance teams, government agencies, critical infrastructure operators, and enterprise organisations responsible for selecting and managing cybersecurity suppliers.

Building trust through independent assurance

CREST International believes that independent accreditation and professional certification play an important role in helping organisations assess cybersecurity providers and reduce procurement risk.

By providing buyers with practical guidance and objective evaluation criteria, the guide aims to support stronger procurement outcomes and greater confidence in the cybersecurity services being procured.

Industry-wide relevance

While developed for organisations in Australia and New Zealand, many of the principles contained within the guide are relevant to organisations globally seeking to strengthen cyber resilience, improve supplier assurance, and make more informed cybersecurity procurement decisions.

As cybersecurity continues to become a board-level and business-critical issue, the need for trusted, independently validated cybersecurity services has never been more important.

Download the guide

Download the guide

The Cybersecurity Procurement Guide for Australia and New Zealand is available to download above.

Search for accredited cybersecurity providers here.

About CREST International

CREST International is a global not-for-profit accreditation and certification body representing the cybersecurity industry. Through rigorous accreditation standards, professional certifications, and industry collaboration, CREST helps organisations, governments, regulators, and the buying community build trust in the cybersecurity services they procure and consume.

New guide helps organisations strengthen cybersecurity procurement and supplier assurance

Procurement decisions matter

Supporting better buying decisions

Building trust through independent assurance

Industry-wide relevance

Download the guide

About CREST International

You may be interested in reading this...