What is CREST looking for to support our answers to the questions contained in the CREST services section?

Every company’s processes are going to be different, but they should all contain clear and unambiguous statements in support of the question posed.  For example, for penetration testing the questions are principally around test initiation, test administration, reporting and client data security.  These questions could be used as the vehicle for structuring company policies and processes that may be missing.  The overall aim is to help companies to mature.