Cobalt is excited to announce that we are officially a “CREST Penetration Testing Service” Provider.
What is CREST
CREST is a not-for-profit accreditation and certification body that represents and supports the technical information security market. It is a globally recognized cyber assurance body for the technical security industry, and was created to help increase professionalism in the security testing industry. Its membership and methodology requirements are designed to establish and maintain a consistent standard of pentest quality amongst its members.
Why Cobalt Decided to get Certified
At Cobalt, we care about quality, whether that means creating a dynamic report, hiring phenomenal security talent, or offering an overall stress-free pentest experience. We see our CREST certification as outside validation of that quality and are honored to be listed among CREST-certified “Penetration Testing Services” vendors. It demonstrates a level of assurance of our processes and procedures.
“We are delighted to welcome Cobalt.io as an Accredited CREST Member company. To become a CREST Member, companies go through a very demanding assessment process that examines test methodologies, legal and regulatory requirements, data protection standards, logging and auditing, internal and external communications with stakeholders and how test data security is maintained. By being CREST Accredited for its penetration testing services, Cobalt.io is demonstrating its commitment to consistently delivering the highest professional security services standards.” Ian Glover, President of CREST.
CREST Penetration Testing Services Accreditation
CREST doesn’t mandate a methodology for pentesting, as they want to ensure that members have some freedom over how they conduct their engagements. However, CREST looks for certain attributes in the methodology a company adopts: that processes are in place to correctly scope an assignment and to perform the pentest in an ethical manner under a standard of legal and regulatory frameworks, that pentesters are controlled and work in a defined scope, and that customer data is appropriately protected.
Benefits of using a CREST Member Company
CREST highlights a few key benefits of accreditation:
Independent, verifiable third-party assessment of your security testing business.
Assurance that you are using a trusted organization utilizing highly skilled, knowledgeable, competent, and technically capable pentesters.
These policies, processes, and procedures have been assessed by CREST and have been deemed fit for purpose. Resubmission is required every year and a full re-assessment is required every three years to ensure currency.
Additionally, CREST companies sign a binding and enforceable company code of conduct that ties them to their CREST submission, and they agree to align their complaints process with that of CREST. All CREST qualifications have been reviewed and endorsed by the UK Government, the NCSC.