All CREST member companies have submitted policies, processes and procedures relating to their service provision to CREST. These documents have been assessed and deemed fit for purpose by CREST. Resubmission is required every year and a full reassessment is required every three years to ensure compliance has been maintained. The CREST member company signs up to a binding and enforceable company code of conduct that ties them to their CREST submission. They also agree to align their complaints process with that of CREST. This forms the basis of any complaint and resolution measure.
- CREST qualifications have been reviewed and endorsed by governments and regulators.
- All CREST qualified professionals have to resit the examinations every three years.
- All those holding a CREST qualification have signed a personal code of conduct. This ensures that they act in an ethical manner and adhere to the policies, processes and procedures of the CREST Member company they are working for.
CREST Certified Testers (CCT) have passed an industry recognised set of examinations to demonstrate their skill, knowledge and competence. These individuals will typically have at least 10,000 hours’ (five years plus) of relevant professional experience. They are capable of working independently, running full testing programmes and managing and co-ordinating teams.
CREST Registered Testers (CRT) have passed an industry recognised set of examinations to demonstrate their skill, knowledge and competence. These individuals will typically have at least 6,000 hours’ (three years plus) of relevant professional experience and be in a position to work independently on assignments.
CREST Practitioner Security Analysts (CPSA) have passed the entry level examination into the profession and and typically have around 2,500′ hours of relevant professional experience and are capable of conducting routine assignments under general direction.