CREST is a not for profit organisation that serves the needs of a technical information security marketplace that requires the services of a regulated professional services industry.

CREST represents the technical information security industry by:

  • offering a demonstrable level of assurance of processes and procedures of member organisations
  • validating the competence of their technical security staff
  • providing guidance, standards and opportunities to share and enhance knowledge
  • providing technical security staff recognised professional qualifications and those entering or progressing in the industry with support with on-going professional development

Working alongside the Bank of England (BoE), government and industry, CREST developed a framework to deliver controlled, bespoke, intelligence-led cyber security tests. STAR (Simulated Target Attack and Response) incorporates penetration testing and threat intelligence services to accurately replicate threats to critical assets. The STAR scheme is a prerequisite for membership of the BoE CBEST scheme, used to provide assurance to the most critical parts of the UK’s financial services.