Membership of CREST offers assurance that its member companies have appropriate policies, processes and procedures in place to ensure that work is conducted to a high standard. Using qualified staff for such work helps to ensure that this is achieved. The sign-off for deliverables by qualified staff places a strong emphasis on the individual conducting the test to ensure that the work has been quality assured and they are content to put their name to it. Enforceable Codes of Conduct and a formal complaints process further add to the assurance of quality.

CREST will support applicant companies through the membership application process where possible and within reasonable boundaries – it is not a one-time pass or fail test.

The CREST membership application process is managed through our online Membership Portal.

The Frequently Asked Questions below reflect common issues that CREST has addressed with potential members over a number of years. They appear in the order that they are likely to arise on the application form.

They do not make the assumption that every potential member is as familiar with some aspects of information security as the next and so provide both explanations and general advice in some areas in order to allow organisations to make informed decisions. Some general background information is also included for enhanced understanding of certain aspects covered in the form.

If you have a question that is not addressed here, please email [email protected].