Close Widget

CREST STAR & Membership

SureCloud has been accredited to provide Simulated Target Attack and Response (STAR) Intelligence-Led Penetration Testing services by the not-for-profit accreditation body, CREST, which represents the technical information security market.

To meet CREST’s stringent requirements to secure STAR service provider status, SureCloud had to demonstrate its robust methodologies and sophisticated capabilities relating to the latest vulnerabilities and cyber crime techniques, as well as meeting government and risk management requirements.

CREST provides organisations wishing to buy penetration testing services, threat intelligence or incident response services, with confidence that the work will be carried out by qualified individuals with up-to-date knowledge, skill, and competence of the latest vulnerabilities and techniques used by real attackers. CREST member organisations have demonstrated a level of assurance of processes and procedures and validated the competence of their technical security staff.

SureCloud’s Vulnerability Assessment Services accredited by CREST

CREST, the international accreditation and certification body for the technical information security market, has recently introduced a Vulnerability Assessment (VA) accreditation, to eliminate confusion in the buying community between VA and penetration testing. Because SureCloud’s Vulnerability Services are managed – that is, a qualified consultant runs the tool and interprets the output for each scan – we  meet the requirements of the new accreditation from the outset.

SureCloud Achieves a Place on DOS4

We are pleased to announce that SureCloud has been awarded a place on the Digital Outcomes and Specialists framework 4 (DOS4). This means that we will be able to sell both cyber services and governance, risk and compliance (GRC) products to public sector organisations, through the framework.

The public sector uses a specialist Digital Marketplace to buy cyber and digital services. Providers of those services must apply for a place in the marketplace, by complying with the terms of the Digital Outcomes and Specialists framework.


ISF Member

The ISF is the world’s leading authority on cyber, information security and risk management. As a member, we have access to a comprehensive library of research reports, which includes risk analysis and continuous benchmark tools and methodologies. It’s an exclusive organisation where members can collaborate, share any challenges and develop solutions with their global peers, as well as learn about the latest security issues from industry experts.


The CHECK scheme enables penetration testing by NCSC approved companies, employing penetration testing personnel qualified to assess IT systems for the Government and other public sector bodies. To become a CHECK company, you must apply and be approved by the assessment panel. This requires you to meet a strict set of requirements, which includes personnel holding SC clearance, passing annual examinations and providing evidence of penetration testing experience.

PCI Approved Scanning Vendor

The PCI Security Standards Council maintains a structured process for security solution providers to become Approved Scanning Vendors (ASVs), as well as to be re-approved each year. The five founding members of the Council recognize the ASVs certified by the PCI Security Standards Council as being qualified to validate adherence to the PCI DSS by performing vulnerability scans of Internet facing environments of merchants and service providers.

Cyber Essentials Plus

Cyber Essentials Plus certified organisations have a clear picture of their organisation’s cyber security level and have been verified by independent experts as demonstrating they have the cyber security measures in place to protect against an attack. Affiliates must comply with the requirements of the scheme, which center on five technical control themes: firewalls, secure configuration, user access control, malware protection and patch management.

SureCloud Wins Awards for Pentest-as-a-Service©

On May 16th 2019, SureCloud won the award at the DCS Awards, Grange St Paul’s Hotel, in London. The award was for Cloud Project of the Year presented by Philip Alsop, Editor Digitalisation World. This award was based on our Pentest-as-a-Service offering hosted on our cloud-based platform for Equiom Group.

Pentest-as-a-Service nominated – Computing Security Awards 2018

The prestigious awards recognise individuals, organisations, and products that are best-of-breed, working tirelessly to keep customers’ operations safe, productive and always ahead of the game. Computing Security Awards announced SureCloud as part of the 2018 nominees. We are proud to say that our Pentest-as-a-Service offering was shortlisted for “Pen Testing Solution of the Year” 2018.

For more information on our accreditations email 

How can we help?