by peter


CREST accredited penetration testing (also referred to as pentesting, pen testing and the often confusing PEN testing; no, we do not know why people capitalise the shortening of "penetration" either) is a type of ethical or white hat hacking engagement designed to identify and address security vulnerabilities in your people, processes and technology. Most often a penetration test is focused on an element of your technology, such as networks, systems and applications. Pen testing takes different forms and can cover many areas. However, not all penetration testing companies work to the same standards, so there can be an inherent risk in allowing a provider to access important assets and data.

A CREST penetration test is an assessment conducted by a CREST-accredited provider. CREST accreditation demonstrates that a company conducts and documents penetration testing in accordance with the highest legal, ethical and technical standards.

In order to perform CREST accredited testing, a testing company must have in place the following:

  • ISO9001 certification
  • ISO27001 certification
  • Cyber Essentials certification
  • Cyber Essentials Plus certification
  • Professional Liability insurance
  • Public Liability insurance
  • CREST Registered Testers on staff
  • A fully documented complaints process

All of this takes time and investment, which is why you will find that CREST accredited penetration testing costs more than run-of-the-mill, off-the-shelf penetration testing that can be purchased from the unregulated testing market.