What are Certifying Bodies?
With threats constantly evolving, most organisations require professional help to mitigate cyber risk and to implement the right levels of cyber security. However, many organisations are challenged to identify trusted suppliers that have access to competent, qualified experts.
CREST is a not-for-profit industry body whose role is to create and maintain high standards within the technical information security industry, and to drive a consistency of quality across its member organisations. Any organisation that is procuring Cyber Essentials services from a CREST Certifying Body can therefore rest assured that they have all:
- Demonstrated appropriate levels of quality assurance processes, security controls, security assessment methodologies and met additional qualification criteria;
- Signed an enforceable CREST Code of Conduct on an annual basis;
- Proven access to technically competent and appropriately qualified staff;
- Committed to abiding by the requirements of Certification Bodies for Cyber Essentials.
In addition to the Cyber Essentials certification services, CREST Cyber Essentials Certifying Bodies can provide a range of additional services to help organisations better manage their cyber security risks. These services include:
- Penetration testing
- Security audit and compliance
- Security policy
- Security architecture
- Cyber security incident response.