Select Page

 What is CREST?

The Council of Registered Ethical Security Testers (CREST) accredits and certifies organisations and individuals who provide Informational Technology (IT) security services such as penetration testing, cyber incident response, threat intelligence and Security Operations Centre (SOC) services.

Established in the United Kingdom (UK) in 2006, CREST has since grown to become an international not-for-profit association that regulates and supports the cybersecurity market in the UK, Australia, Hong Kong, Singapore and the USA, providing benchmarks for the industry globally.

Why is it important to engage CREST approved companies in Hong Kong?

CREST certifies that cybersecurity service providers, like Nettitude, have the capability to accurately assess your company’s web applications, networks and other IT infrastructure and how well they are protected against cyber threats.

All CREST member companies have their business policies, processes, procedures and information security testing methodologies stringently assessed. This is to ensure that companies with the CREST accreditation can competently provide accurate IT security assessments to organisations in Hong Kong seeking cyber protection.

All CREST qualified individuals sit for professional level examinations that test their knowledge and skills.

What types of tests do CREST approved companies have to pass?

When companies apply to be a CREST accredited company in Hong Kong, they are required to submit several documents that rigorously assess the quality of their structure, processes and methodologies to carry out tests such as Vulnerability Assessment and Penetration Testing (VAPT) and cybersecurity Incident Response. They provide information of their company’s details, Human Resource (HR) management, and procedures for the handling of contracts and complaints.

Companies need to have the proper organisation in place, to facilitate requests and support the needs of clients throughout the lifecycle of onboarding, understanding the scope of the task, executing and final reviewing. It would require competent individuals with strong language capabilities and the ability to intuitively understand the clients they deal with.

To further enforce a high degree of accountability, all CREST member companies sign a code of conduct document which legally binds them, ensuring they adhere to a code of ethics, only submitting documents that are accurate.

Why Nettitude?

Nettitude is a CREST approved company and an active member of CREST and our security team consists of CREST Certified Infrastructure Testers (CCT Inf), CREST Certified Web Application Testers (CCT App) and CREST Registered Testers (CRT).

When looking to protect your company’s networks, you want to be assured that you are engaging the services of a credible security company that has rigorous checks in place. Without internationally recognised certification, it is hard to determine whether an IT company has the appropriate knowledge, skills and experience required to provide the right services and solutions for your business.

Nettitude engages a credible third party body like CREST so rest assured that our services, products and professional team meet high standards.

Frequently Asked Questions about CREST

What types of tests do CREST Certified Professionals have to pass?

CREST Certified Professionals sit for examinations that are industry recognised, testing their skill, knowledge and competence. They also should have accumulated about five years of experience (equivalent to ten thousand hours). Through their knowledge and experience, they have the expertise to run full testing programmes, leading other security professionals and fully supporting a client’s needs.

Do CREST qualifications expire?

To ensure quality and those high standards are always maintained, CREST members have to re-submit their entry every year and a full reassessment every three years. All CREST qualified professionals have to also sit for their examinations every three years.

What different disciplines does CREST provide accreditation for?

CREST provides accreditation for Penetration Testing, STAR (Simulated Targeted Attack and Response) Intelligence-Led Penetration Testing, cybersecurity Incident Response, STAR Threat Intelligence, Security Operation Centre (SOC) and Vulnerability Assessment.

Get a free quote

speak to our experts