Every CREST member company is required to submit policies, processes and procedures relating to their service provision to CREST for assessment. Gaining and maintaining CREST certification is an ongoing process rather than a one-time step – member organisations are required to submit an application annually, with a full reassessment required every three years.
Each CREST member company signs up to a binding and enforceable company code of conduct, which includes processes for resolving complaints.
Only a CREST member company can deliver CREST Approved Pen Testing. It should also be kept in mind that crest approved pen testing takes on average 20% more time to complete over a regular, unregulated, penetration test.