Pentest People Achieves CREST Accreditation

Andrew Mason


Andrew is one of the co-founders of Pentest People. He is a veteran of the Cybersecurity industry with many years of experience in building and running Security focussed businesses

Pentest People are proud to announce that they have just achieved CREST accreditation for Penetration Testing.

What is Crest Accreditation?

CREST accreditation is the not-for-profit body representing the technical information security industry. CREST provides internationally recognised accreditation for organisations and individuals providing penetration testing, cyber incident response and threat intelligence services. All CREST Member Companies undergo regular and stringent assessment; while CREST qualified individuals have to pass rigorous examinations to demonstrate knowledge, skill and competence. CREST is governed by an elected Executive of experienced security professionals who also promote and develop awareness, ethics and standards within the cyber security market.Benefits of CREST Accreditation to a BusinessIndependent, verifiable third party assessment of your security testing business.

Increased speed of engagement with customer procurement processes. Enhanced customer confidence.International credibility.Presence on the CREST Service Selection Platform.Crest Accreditation“We are delighted to welcome Pentest People as a CREST member company,” said Ian Glover, President of CREST. “To become a CREST member, companies go through a very demanding assessment process that examines test methodologies, legal and regulatory requirements, data protection standards, logging and auditing, internal and external communications with stakeholders and how test data security is maintained.

By becoming a CREST member Pentest People is demonstrating its commitment to delivering the highest professional security services standards to its customers.Commenting on Pentest People’s CREST certification, Gavin Watson, Technical Director of Pentest People said, “Achieving the CREST accreditation further backs up the professional level of penetration testing that we provide to our ever growing list of clients.

What's the Application Process Like? 

The application process for CREST accreditation involves several steps to ensure that the company or individual meets the necessary requirements. Here is an overview of what the application process entails:

1. Initial Application: The first step is to submit an initial application to CREST, which includes providing basic information about the company or individual seeking accreditation.

2. Documentation Review: CREST will then review the documentation provided, which typically includes policies, procedures, and evidence of past work.

3. On-Site Assessment: If the documentation review is successful, CREST will conduct an on-site assessment to verify that the company or individual meets the necessary standards. This may include interviews with staff members and reviewing systems and processes.

4. Examination: For individuals seeking CREST accreditation, they will need to pass a rigorous examination to demonstrate their knowledge, skill, and competence in penetration testing.

5. Final Decision: After the on-site assessment and examination, CREST will make a final decision on whether to grant accreditation. If approved, the company or individual will be officially recognized as a CREST member.

Why Do Companies Apply For CREST Accreditation?

Obtaining CREST accreditation offers several advantages to a business. Firstly, it provides an independent and verifiable third-party assessment of the company's security testing capabilities. This accreditation serves as a stamp of approval, giving customers the assurance that the business meets high standards in terms of technical expertise and adherence to best practices.

Furthermore, being CREST-accredited can significantly speed up the procurement process for companies. Many organizations require their vendors to have certain certifications, including CREST accreditation, before they can be considered for a contract. By already having this accreditation, Pentest People can bypass some of the lengthy procurement processes and quickly engage with customers.

In addition to streamlining the procurement process, CREST accreditation also enhances customer confidence. Customers can trust that Pentest People has undergone rigorous testing and evaluation to meet the highest security standards. This can give them peace of mind knowing that their sensitive information and systems are in capable hands.

Moreover, CREST accreditation can also open up new business opportunities for Pentest People. Many government agencies and large corporations require vendors to have CREST accreditation in order to bid on projects or provide security services. 

”Pentest People are a UK-based boutique security consultancy focussing on bringing the benefits of Penetration Testing as a Service (PTaaS) to all its clients. This innovative approach to security testing combines the benefits of a consultant-led penetration test and vulnerability assurance through a technologically advanced SecurePortal, providing a living threat system to its clients and benefit through the life of the contract rather than just a single point in time.

More information on CREST can be found on the CREST Website.

Video/Audio Transcript