What is CREST?
CREST is an international accreditation and certification body for organisations and/or individuals within the technical information security market. IT Governance has achieved CREST accreditation within penetration testing and vulnerability scanning.
CREST ensures that accredited services are using the correct policies, processes and procedures to ensure quality of service and protection of client information. These organisations are assessed annually to ensure they are meeting the high standards.
What is CHECK?
CHECK is the term for NCSC (National Cyber Security Centre)-approved penetration testing organisations. CHECK was developed for government departments, public-sector bodies and the organisations forming the UK’s critical national infrastructure.
What accreditation body do you require?
CHECK is required for central government departments and their associated agencies:
- All systems processing data protectively marked ‘OFFICIAL’ will be assessed by organisations approved under CHECK.
- Requests for testing of systems processing data protectively marked ‘SECRET’ and above should be sent to the NCSC – we may recommend that the task be performed by a CHECK organisation.
CREST is recommended for all other penetration testing requirements.