Apply for a Professional Title through CREST

The Security Testing specialism involves evaluating the security of systems and networks through various testing methodologies. Professionals in the Security Testing field are essential for identifying and addressing vulnerabilities, and ensuring the robustness and resilience of systems against potential threats.

Key Areas of Competence:

– Penetration Testing: Simulating cyber-attacks to identify vulnerabilities.

– Vulnerability Assessment: Systematically reviewing systems for security weaknesses.

– Security Audits: Comprehensive reviews of security policies and procedures.

CREST offers the following titles:

– Practitioner Cyber Security Professional (PraCSP)

– Principal Cyber Security Professional (PCSP)

– Chartered Cyber Security Professional (ChCSP)

Entry requirements 

The application form includes both technical and non-technical competency questions based on the UK Cyber Security Council Standard for Professional Competence and Commitment (UK CSC SPCC). 

For the Security Testing specialism, a contextualisation document has been created that outlines the types of evidence you can provide to meet the competence and commitment statements 

The application form is straightforward and includes the following sections: 

– Your Details 

– Competence and Commitment Evidence (A, B, C, D, E) 

– Employer Recommendation (Professional Registration Attestation) 

– Declaration 

Note that the requirements below are required to fulfil the technical element (Competence A) for Practitioner, Principal and Chartered Security Testing titles:

The Incident Response specialism focuses on preparing for, managing, and recovering from cyber security incidents. Professionals in this field are crucial for minimizing damage and preventing future incidents.

Key Areas of Competence:

– Preparation: Developing and maintaining incident response plans, policies, and procedures.

– Detection: Monitoring systems to identify potential security breaches.

– Response: Analyzing and responding to incidents to mitigate impact.

– Recovery: Restoring systems and data to normal operations.

– Lessons Learned: Analyzing incidents to improve future response efforts

CREST offers the following titles:

– Practitioner Cyber Security Professional (PraCSP)

– Principal Cyber Security Professional (PCSP)

– Chartered Cyber Security Professional (ChCSP).

Entry requirements 

The application form includes both technical and non-technical competency questions based on the UK Cyber Security Council Standard for Professional Competence and Commitment (UK CSC SPCC). 

For the Incident Response specialism, a contextualisation document has been created that outlines the types of evidence you can provide to meet the competence and commitment statements 

The application form is straightforward and includes the following sections: 

– Your Details 

– Competence and Commitment Evidence (A, B, C, D, E) 

– Employer Recommendation (Professional Registration Attestation) 

– Declaration 

Note that the technical element of the Incident Response specialism (Competence A) for Practitioner, Principal, and Chartered titles does not require a mandated qualification.

The Associate level has no specialism. It is ideal for those starting their career in cyber security, demonstrating foundational knowledge and readiness for professional roles. Professionals at this level are crucial for supporting the implementation of security measures and contributing to the overall security posture of an organization.

Key Areas of Competence: 

– Cyber Security Knowledge: Basic principles and practices. Effective application in defined roles.

– Communication Skills: Clear communication with technical and non-technical audiences.

– Management Skills: Developing management skills through supervised activities.

– Integrity and Ethics: High standards of integrity and ethical conduct.

– Continuous Development: Commitment to ongoing personal and professional growth.

CREST offers the following titles:

Associate Cyber Security Professional (ACSP).

Entry requirements 

The application form includes both technical and non-technical competency questions based on the UK Cyber Security Council Standard for Professional Competence and Commitment (UK CSC SPCC). 

For Associate Cyber Security Registration, a contextualisation document has been created that outlines the types of evidence you can provide to meet the competence and commitment statements 

The application form is straightforward and includes the following sections: 

– Your Details 

– Competence and Commitment Evidence (A, B, C, D, E) 

– Employer Recommendation (Professional Registration Attestation) 

– Declaration 

Note to qualify for the Associate Cyber Security Professional (ACSP) title, candidates must hold at least one of the following qualifications to fufil the technical element (Competence A): 

– Regulated Qualifications Framework (RQF): Level 3 

– International Equivalency: Level 3 

– Credit and Qualifications Framework for Wales (CQFW): Level 3 

– Scottish Credit and Qualifications Framework (SCQF): Level 6 

– Skills Framework for the Information Age: Level 1 

– CIISec Skills Framework: Level 2 

– NICE Cybersecurity Workforce Framework: ‘Entry’ level.

*Except for Associate level where price is yet to be determined.

For employees of CREST member companies, CREST is offering a special 30% discount for applications submitted until 1 July 2025. (Note this excludes current CHECK Team Leaders for whom a separate process exists).

Payment can be made using a debit or credit card and the fee is non-refundable. Further information on payment will be provided once you have filled in the registration form.

Following successful registration annual renewal fees of £99 + VAT apply to remain on the register.

If the submitted application is considered borderline** the fee includes one opportunity to strengthen the application. This will take the form of either a request for additional evidence or being invited for a discussion via a video call, as determined by CREST.

If the application is unsuccessful, where applicable, you can request that the application is assessed at the level below at no additional charge.

* Please use your company email address when registering to confirm eligibility for this rate.

** Based on CREST’s assessment of the application.