Membership FAQs

Membership

How long does membership last?

Membership lasts for 12 months and is renewed annually. Members will receive a renewal reminder before their renewal date.

What happens if we add an accreditation to our membership?

The accreditation will be added to your existing membership without affecting your membership start or end date. If your membership is active, the accreditation will be added immediately upon approval of your application.

When do we get listed on the CREST website and receive our award?

– New members: you will be listed on the CREST website once all applicable fees have been received. At this point, you will also gain access to CREST marketing materials, including badges and certificates.

– Existing members adding an accreditation: updates to certificates and website listings will occur after approval of your application.

Can we apply for multiple accreditations?

Yes, organisations can apply for multiple accreditations. Each accreditation has its own application and assessment process, and all accreditations are tied to the same membership.

What happens if our membership expires before an accreditation application is approved?

If your membership expires before your accreditation application is processed, you will need to renew your membership to maintain eligibility for accreditation.

How do we renew our membership?

Membership renewal notices are sent before expiry. Renewal requires payment of the membership fee and confirmation of continued compliance with our membership requirements.

Do accreditations need to be renewed separately from membership?

Accreditations are included in the annual renewal, including periodic reassessment to ensure continued compliance with our standards.

Do we pay an application fee to renew?

No, the annual renewal process does not have an application fee. Members are only required to pay the annual subscription fees applicable to their membership.

Can we change our membership during a membership period?

Yes, you can add additional subscriptions or amend your membership details during an active membership period.

Can we cancel our membership?

Yes, you can cancel your membership at any time. However, subscription fees are non-refundable, and no pro-rata refunds will be issued.

Are we required to provide client information and related agreements?

The accreditation process requires organisations to provide evidence to support their application. However, information should be anonymised where appropriate to ensure the confidentiality of any client-specific details. Organisations should provide redacted or anonymised evidence where necessary to demonstrate compliance with accreditation requirements.

How is the confidentiality of the answers provided in the application form assured?

The CREST Business Terms and Conditions include provisions to protect the confidentiality of information submitted during the application process. All application responses are accessible only to the Accreditation Team for assessment purposes.

Limited information may be shared internally to facilitate the administration of membership. In cases where an application is linked to a partner program or scheme, relevant details may be shared with the appropriate parties involved in that program. However, we maintain strict confidentiality measures to ensure that sensitive information is handled securely and appropriately.

What are the accreditation requirements?

The accreditation requirements are defined in the relevant standard, which can be accessed on our website here: Accreditation Standards

Each standard is supported by the CREST general company requirements, which must be met during the initial application to become a CREST Member.

Organisations are encouraged to review the requirements carefully and utilise the available tools to assess their readiness for accreditation.

Do we need to hold any industry or individual certifications?

No, holding industry or individual certifications is not a mandatory requirement for accreditation. However, we encourage organisations to obtain certifications in areas such as information security and quality management.

The absence of these certifications will not prevent a successful application, provided that appropriate alternative measures and controls are in place to demonstrate compliance with the accreditation requirements.

Certain schemes and programs may have specific individual certification requirements, which will be outlined on the relevant pages of our website. Organisations should review these requirements carefully when applying.

What can we do if our application is rejected?

If your application for membership of CREST is rejected, you have the right to appeal. The guidelines and procedures in our Membership Appeals Procedure will apply and you can download a copy of these below:

Membership Appeals Procedure

Our application was rejected. Can we resubmit?

Yes, the accreditation process allows for a single resubmission. Organisations should use this opportunity to address identified areas for improvement and provide any additional supporting information needed.

If the application is not successful following the resubmission, the Accreditation Team will provide further guidance on potential next steps.

Who is on the Membership Appeals Committee?

An Appeals Committee will be selected based on relevance, qualification and impartiality to the appellant specifically for each appeal raised. Membership of the Appeals Committee will be discussed and agreed with the appellant prior to any information regarding the application being passed to them or to them hearing the details of the appeal.

What evidence do we need to supply?

Each Accreditation Standard outlines the objectives and assessment requirements that organisations must meet. The application forms include example evidence that may be provided, but these are only suggestions.

Organisations are encouraged to submit evidence that best demonstrates their approach and the practical operation of their activities. Evidence should be presented in a format that aligns with the organisation’s method of delivery while meeting the accreditation requirements.

How long does it take to review an application?

Applications are reviewed within six weeks from the date of submission.

You can track the progress of your application in the Assessment Platform, and the Accreditation Team will communicate with you if any clarifications or additional information are required.

What benefits do we get with our membership?

You can discover the benefits of the different stages of our accreditation pathway on our dedicated page: CREST benefits

We do not provide any cyber security services - how can we get involved?

If your organisation does not directly provide cyber security services but still wants to support the industry, you may be eligible to join as a CREST Community Supporter. This programme is designed for organisations that contribute to the cyber security ecosystem through technology, training, research, or advocacy.

Learn more about becoming a Community Supporter here: Community Supporters

Fees

Why is the application fee required at the start of the application?

This fee ensures applicants are committed to the process and covers both the initial assessment and a single resubmission if needed, helping organisations successfully achieve accreditation.

Why is there a joining fee?

We have been built and strengthened over the years by our long-standing Members, who have contributed both financially and through active participation in our initiatives.

The joining fee reflects a new Member’s contribution to the ongoing development of CREST, supporting:

– The continuous improvement of accreditation standards and certifications.
– The expansion of our global reach and industry influence.
– The development of resources, research, and best practices that benefit all members.

This one-time fee ensures that new members help sustain and grow the high standards and collaborative environment that we provide.

How does the joining fee work?

– The joining fee is charged only once upon approval of a membership application.

– Organisations applying for additional accreditations under an existing membership do not pay this fee again.

– Membership renewals do not require payment of the joining fee.

Why is there an annual membership subscription?

Our membership subscriptions support:

– The maintenance and enhancement of our accreditation standards.
– The global promotion of CREST-accredited services to buyers.
– Access to industry insights, research, and networking opportunities for Members.

Membership subscriptions ensure ongoing value for organisations, strengthening their credibility and market positioning in the cyber security industry.

Can we apply for multiple accreditations?

Yes, organisations can apply for multiple accreditations. Each accreditation requires a separate application and application fee.

We are already a CREST Member. What fees do we need to pay if we want to add another accreditation?

If your organisation is already a CREST Member and you want to add another accreditation, you will need to pay:

– Application fee – a non-refundable fee required when your accreditation application is approved. This covers the assessment and one resubmission if necessary.

– Accreditation subscription fee (if applicable) – some accreditations have an ongoing annual fee in addition to the standard Membership Subscription.

No additional joining fee or annual subscription fee is required.

Can we have more than one annual membership subscription?

Yes. CREST Members can have multiple regional subscriptions if they operate in different geographic regions. However, if you choose a global subscription, this covers all regions, and additional regional subscriptions are not required.

If you add new services that require an accreditation subscription fee, this will be charged in addition to your annual membership subscription.

When do we pay the fees?

– Application fees – paid at the start of the accreditation application process.

– Joining fee – paid upon approval of your membership application before your membership is confirmed.

– Annual membership subscription – paid annually to maintain membership.

– Accreditation subscription fees – paid annually for applicable accreditations.

How and when do we pay fees?

We will invoice or provide a payment link when a fee is due. Payment is triggered by events such as:

– The approval of an accreditation application.

– The approval of a membership application.

– Annual renewals for membership or applicable accreditations.

What currency can we pay our fees in?

We accept payment in the following currencies:

– GBP (British Pounds)

– EUR (Euros)

– USD (US Dollars)

– SGD (Singapore Dollars)

– AUD (Australian Dollars)

How does annual revenue apply if cyber security is only part of a larger business?

We assess annual revenue based on the total revenue of the legal entity applying for membership and accreditation. If the cyber security division operates as a separate part of the business, with its own financials, then its revenue alone may be considered.

Can we split our membership payment or pay in instalments?

Membership fees are due in full at the time of application.

Lower-income country discount

What is the lower-income country discount?

The lower-income country discount is a 50% reduction in fees for businesses based in low or lower-middle income economies, as classified by the World Bank. The discount is designed to support cyber security capacity building and improve global standards.

What fees does the discount apply to?

The discount applies to:

– Pathway fees (Pathway and Pathway+)

– Membership application fee

– Membership joining fee and annual subscription (if the company remains below the revenue threshold after full membership is granted)

Who qualifies for the discount?

To qualify, a company must:

– Be headquartered in a country classified as low or lower-middle income by the World Bank

– For membership fees (annual subscription & joining fee), have an annual revenue below GBP 5m (USD 6.1m, SGD 8.2m, AUD 8.25m, EUR 5.7m)

Does the discount apply indefinitely?

The discount applies as long as the company meets the eligibility criteria. Eligibility is reassessed whenever a fee is due.

What happens if a company exceeds the revenue threshold?

If a company surpasses the revenue threshold after attaining full membership, the discount will no longer apply for future fees.

How can a company apply for the discount?

Companies applying for Pathway, Pathway+, or membership will automatically be assessed for eligibility based on their country of headquarters and declared revenue. No separate application is required.

How does the World Bank classification affect eligibility?

The World Bank updates its income classifications annually. Companies must check if their country remains in the low or lower-middle income category. If a country’s classification changes, the discount may no longer apply.

What proof is required to confirm eligibility?

Companies may need to provide supporting documentation, such as financial statements, to verify their annual revenue and confirm their headquarters location.

Can companies reapply for the discount if they previously lost eligibility?

Yes. If a company’s revenue decreases below the threshold or if the World Bank reclassifies its country to a lower income level, the company may qualify again for the discount upon reassessment.