Commissum

CREST Testing


CREST TestingAs a CREST member company, Commissum has been verified as meeting the rigorous standards mandated by CREST.

CREST (Council of Registered Ethical Security Testers) is a trade association, operated as a not-for-profit organisation governed by a formal Memorandum of Association (MOA) as a company limited by guarantee.

Companies such as Commissum are invited to join the trade association as members, subject to certifying that they meet CREST’s rigorous minimum standards in all areas. These standards cover ethics, methodologies, and technical capability.

CREST is a standards-based organisation for penetration test suppliers, incorporating a best practice technical certification programme for individual consultants. The fact that CREST assesses the credibility and capability of the member company as well as the consultants engaged for penetration testing is only matched by one other scheme; the government CHECK scheme operated by CESG (the UK government’s National Technical Authority for Information Assurance). CESG also recognises the equivalence of the CREST exams for assessing the competence of penetration test consultants.

Additionally, CREST provides its members with a framework of guidance including standards, methodologies and recommendations, which is aimed at ensuring the very highest standards of leading-edge security testing. In engaging with a CREST accredited company, clients can be confident that work will be carried out by qualified individuals with an up to date knowledge of the latest vulnerabilities and techniques used by real attackers, backed by a company with proven methodologies for the secure storage and protection of their data.

Commissum is a full CREST member company, and therefore able to conduct CREST Approved Testing. In contracting with Commissum as a CREST member organisation to perform security testing, clients can rest secure in the knowledge that the work will be carried out to rigorous standards by qualified and knowledgeable individuals.