Anyone with a computer and an Internet connection can set themselves up as a penetration testing or cyber incident response service provider. These could include irresponsible organisations that do not have in place policies, processes and procedures to ensure quality of service and protection of client based information. The individuals employed by these companies may have no demonstrable skill, knowledge or competence in the provision of security testing.
CREST is an International not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST requires a rigorous assessment of business processes, data security and security testing framework to demonstrate a level of assurance that the information security methodologies used can competently and securely provide customers with a robust assessment of their cyber security posture.
As a result, CREST only provides accreditation to highly trusted professional services organisations, and their employees who provide the often sensitive and high-risk penetration testing, cyber incident response, threat intelligence and security operations centre services.
All CREST accredited member companies are required to submit policies, processes and procedures relating to their service provision to provide added assurance for the buying community. These policies, processes and procedures include:
- References for certified individuals
- Assignment preparation and scope processes
- Assignment execution processes
- Technical methodology
- Reporting templates
- Data storage and Information Sharing policies
- Post technical delivery methodologies
- Asset/Information/Document storage, retention and destruction processes
The buying community needs to be in a position where it can procure services from a trusted company with access to demonstrably professional technical security staff. CREST provides the buying community with a clear indication of the quality of the organisation and the technical capability of staff they employ.
JDS is a proud CREST (Intl) accredited member company who can confidently provide our customers the added reassurance that our services meet the highest professional and security standards.