In accordance with CREST’s stated aim ‘to increase professionalism in the security testing industry’, CREST places requirements on member companies in order to ensure that a consistent standard of testing services is delivered.
The requirements fall into 4 main areas:
Prior to applying to join CREST, prospective member companies are encouraged to review the requirements documents and ascertain their compliance status.
Prospective CREST Member Companies can apply for membership in any or all of the following disciplines:
After receipt of an expression of interest, CREST will send you a documentation pack containing:
The company membership application form is a comprehensive form requiring a prospective member company to self-certify that they are compliant with the various CREST requirements.
During the application process, we will require copies of certain documents. These include:
Please consult our Frequently Asked Questions document regarding completion of the application form. Please note that all supporting documentation must be emailed to CREST for audit.
Prospective Member Evaluation
Companies can apply for assessment for any one or any combination of the following disciplines:
The same membership fee applies whether a company seeks assessment to one or both disciplines.
CREST carries out an assessment of your application based on the information provided in your application form, following which CREST reserves the right to carry out an audit of your processes and procedures against the CREST standards.
Your point of contact will be kept informed during this process in order that any issues may be resolved.
In the event of a membership application not meeting the guidelines, further supporting evidence will be requested for review, prior to a decision being made.
Start Date and Duration of Membership
You will be notified when your application has been approved. Your membership will start immediately upon notification and will be valid for one year. Notification will be made via email to your point of contact as provided in the company application form.
At the start of your membership, a certificate will be sent to the point of contact provided in your application form and your company details will be posted on this website.
Use of Contractors for CREST tests
CREST does not prohibit the use of contractors on CREST tests. However, it is essential that all members of a CREST test follow CREST standards for test conduct and methodology, and confirmation of this is included in the membership application form.
To this end we require that contractors agree to follow the CREST approved procedures and methodologies of the company to which they are contracting. This must be agreed in writing and form part of the contract, along with any further conditions as required by the end client.
Full details are available from [email protected].
Membership fees will be applied as follows:
i) £5,000 pa for membership of one country Chapter
ii) £7,000 pa for membership of one region and any of its associated country Chapters
iii) £25,000 pa for global membership (all regions and associated country Chapters)
Recognition for member companies will be as follows (respectively):
i) Identified as a member of that country (only)
ii) Identified as a member of that region and of individual countries within that region
iii) Identified as a global operator
As an illustration:
Subscriptions will be based on a member company’s area of operation in a country or region and associated with an address (i.e. an office). Existing Member companies will be invited to choose which countries and regions they wish to be attached to. The most a company will have to pay is £25,000 per annum to be attached to all CREST Chapters in all regions around the world. The definition of CREST’s membership regions is available here.
Existing Members will have the opportunity to add Chapter membership to their subscription as new Chapters are established.
There is a £750 assessment fee for company membership. This includes all support and liaison with CREST regarding the application. The fee will cover both Cyber Incident Response membership and Penetration Testing membership. There is no discount for applying for only one of the membership categories.
For existing CREST member companies there will be no additional membership charge, although an administration fee of £500 will be levied against existing CREST members seeking assessment under an additional category.
CREST reserves the right to conduct a full assessment every three years requiring a full re-submission of all documents. If called for, there will be an assessment fee of £750 for this.
Applying for CREST company membership
If you wish to become a CREST member company please register your interest by emailing [email protected].