Spend five minutes in the cyber security world, and it can start to feel like you’re drowning in a sea of abbreviations. CHECK and CREST are two you should learn if you’re thinking about penetration testing for your organisation. In this blog we’ll explain the difference between the two.
AI, BCP, CISO, DDoS, DMZ, GRC, MFA, SIEM, VPN… Where there’s cyber, there are abbreviations. What is helpful shorthand for those in the know can be intimidatingly opaque for anyone starting to dip their toes into the world of cyber security.
Two abbreviations you may have heard are CHECK and CREST – especially if you’re looking into running penetration testing at your organisation. In this blog we’ll explain the difference between CHECK and CREST, and why they’re both important things to look out for when selecting a penetration testing provider.
What is CHECK?
CHECK is a scheme managed by the National Cyber Security Centre (NCSC), under which companies approved by the NCSC can conduct authorised penetration tests on public sector and critical national infrastructure (CNI) systems and networks. The NCSC was launched in October 2016 and exists to help make the UK the safest place to live and work online.
Six Degrees is a CHECK Service Provider, which means we carry out penetration tests using NCSC-recognised methods and produce the resultant reports and recommendations to recognised standards.
CHECK Service Providers must also employ at least one CHECK Team Leader. CHECK Team Leaders and CHECK Team Members must undertake rigorous exams to ensure they have the technical competence needed to meet the NCSC’s requirements.
What is CREST?
CREST is an international not-for-profit membership body that represents the global cyber security industry. To qualify for the NCSC CHECK scheme, penetration testing providers need to employ individuals who hold at least one of two qualifications. One of these is CREST Certified level in penetration testing, which sets a benchmark for senior professionals.
CREST also accredits penetration testing providers, who must demonstrate high levels of cyber security qualifications by maintaining a number of certifications in their teams. They also have to meet compliance standards including quality standards like the ISO 27000 family and Cyber Essentials, and hold a high level of liability insurance.
You’ve probably guessed it, but Six Degrees is a CREST member. We have gone through rigorous accreditation processes covering the policies, processes, and competencies we have in place for delivery of our services – giving assurance that our penetration testing services really are best in class.
What’s the Difference Between CHECK and CREST?
So what’s the difference between CHECK and CREST? Well, one’s a scheme and one’s a membership body. But they’re related, and you really should know about them if you’re looking to engage with a penetration testing provider.
Six Degrees’ Penetration Testing services are performed by certificated, qualified and experienced in-house testers, who deliver expert manual penetration testing complemented by comprehensive recommendations and reports. And unlike many, we can help you resolve any vulnerabilities our testers find and implement a plan to elevate your organisation’s entire cyber security posture. Get in touch if you’d like to find out more about how we can support you.