SureCloud®, a supplier of Cloud-based Governance, Risk and Compliance (GRC) solutions and security services, today announced its formal membership of CREST, a not-for-profit accreditation body that represents the technical information security industry.
Becoming a member of CREST adds further credibility to SureCloud’s Penetration Testing services which have been CESG CHECK approved since 2009. SureCloud was also recently re-certified by the Payment Card Industry Security Standards Council (PCI SSC) as a PCI Approved Scanning Vendor (PCI ASV) for the 8th year running.
CREST provides buyers of technical information security services with accredited professional services specialists that have all signed up to a strict and enforceable code of conduct. Organisations purchasing penetration testing services from CREST member organisations can be confident that work will be carried out by competent experts with up-to-date skills and knowledge relating to the latest vulnerabilities and techniques used by attackers. The CREST scheme also assures that member organisations have suitable policies, processes and procedures to deliver Security Testing as well as to safeguard client information.
“CREST represents the technical information security industry by independently validating the companies and individuals employed to ensure information is protected from the most prevalent cyber threats,” said Ian Glover, President of CREST. “Today’s affirmation of SureCloud as a CREST member is just recognition for the quality, expertise and professionalism that underpins their IT Security team.”
Since 2006 SureCloud has taken an innovative approach to delivering security testing by providing clients with the ability to manage test outputs via the Vulnerability Management application within the SureCloud Platform as well as delivering traditional penetration reports.
The SureCloud Platform can also provide clients with other functionality, including Event Management and Vulnerability Scanning, and can help to automate spreadsheet-based GRC processes.
“We are delighted to become a CREST member company,” said Richard Hibbert, CEO of SureCloud. “We have always been a keen supporter of their work and today they have returned the compliment by recognising our commitment to deliver the highest professional security services standards to private and public sector organisations.”
CREST is a not-for-profit body that represents the technical information security industry. CREST provides internationally recognised accreditations for organisations and certification of individuals providing penetration testing, cyber incident response, threat intelligence and security architecture services. Member companies undergo a rigorous accreditation process that assesses methodologies, legal and regulatory standards, staff vetting and data handling. CREST qualified individuals have to pass challenging professional level examinations that demonstrate their knowledge, skill and competence. CREST member companies and CREST qualified individuals sign up to strict and enforceable codes of conduct. All examinations and processes have been reviewed and approved by CESG, the Information Security arm of GCHQ. CREST has member companies in a number of countries and a formally established Chapter in Australia.
The CREST Cyber Security Incident Response Scheme (CSIR) is endorsed by GCHQ and CPNI and focuses on appropriate standards for incident response from all sectors of industry, the public sector and academia. In addition, the CREST Security Architecture examination is formally recognised under the UK CESG Certified Professional Scheme.
Working alongside the Bank of England, government and industry, CREST developed a framework to deliver controlled, bespoke, intelligence-led cyber security tests. The STAR scheme is a prerequisite for membership of the BoE CBEST scheme, used to provide assurance to the most important UK financial institutions. CREST, jointly with CESG, developed a technical assessment and certification framework for the Cyber Essentials scheme. Cyber Essentials is a ground-breaking initiative from the UK Government, introducing an entry-level cyber security standard for organisations.