CREST launches staged programme to guide firms to full cyber accreditation
The new process includes two distinct stages, known as Pathway and Pathway+, which offer organisations structured progress milestones before achieving full CREST accreditation. These stages are targeted at businesses that aspire to meet high standards in cyber security but may require additional resources and guidance to reach that level.
Accreditation pathway
Through the Pathway programme, organisations enter the CREST community where they can access resources aimed at helping them work towards full accreditation. This includes staying up to date on cybersecurity developments, joining relevant communities, and familiarising themselves with the requirements of CREST standards.
The Pathway+ designation goes further by providing a toolset that allows organisations to self-assess against CREST's accreditation standards. This helps them identify strengths and areas where further development is needed, and may offer opportunities for mentoring from existing CREST members and access to government funded development initiatives in some regions.
To join the Pathway, companies provide essential information and agree to follow the CREST Code of Conduct. Advancement to Pathway+ requires a self-assessment against relevant organisational standards and at least one CREST cybersecurity service area.
Jonathan Armstrong, Head of Product at CREST, explained the rationale behind the staged approach. He stated, "The importance of working with a trusted and capable cybersecurity service provider cannot be overstated. With millions of pounds at risk, whether through regulatory fines, extortion, business disruption, or lost revenue, cybersecurity is simply too critical to be left to chance with inconsistent or unrecognised vendors." Armstrong continued, "CREST provides assurance and elevates professionalism in the cybersecurity sector. Buyers can be confident when buying services from a CREST member company that they are being supported by a company which has been assessed against the most stringent standards available globally in their areas of technical competence. Pathway and Pathway+ are the latest additions to our framework, designed specifically for organisations that are committed to accreditation but may not yet meet the full criteria, or are actively working to demonstrate their readiness."
Armstrong added, "These programmes offer a structured pathway for progression, enabling organisations to showcase their commitment to high standards while developing the capabilities needed for full CREST accreditation. In doing so, they gain access to tools and guidance that enhance service quality, accelerate their journey toward membership, and contribute to our shared mission of building trust and strengthening the global cybersecurity ecosystem."
Timelines and expectations
The framework specifies target timelines for moving through the stages. Pathway+ participants are expected to aim for full accreditation within two years, while organisations starting with Pathway have up to four years to achieve the same milestone. This structure is intended to support organisations' service development while maintaining a clear standard of progression.
Full CREST accreditation, once achieved, includes a robust and independent evaluation of an organisation's services, security processes, staff competence, and governance structures. CREST-accredited status is promoted as a trustmark that signals to service buyers that providers adhere to consistent and rigorously tested standards.
Service reliability
The new Pathway stages are expected to help standardise the quality of cybersecurity service delivery, particularly in areas such as penetration testing, threat intelligence, red teaming, security operations, and incident response. CREST states this consistency enables "meaningful year-on-year comparisons" for buyers and helps promote transparency and trust across the industry.
By opening up these stages to organisations at an earlier point in their development, CREST aims to increase both capacity and capability across the cyber security sector internationally. The process is positioned to support the gradual maturation of security firms while increasing confidence in the market's ability to deliver secure, reliable services.
Organisations recognised under the Pathway and Pathway+ models do not attain official accreditation immediately, but instead signal a commitment to progress and responsible practice in cyber security. For buyers, working with a CREST-accredited provider signals that the services are delivered by professionals with appropriate and up-to-date training, having been assessed against industry standards that are recognised internationally.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
24-07-2025
- Techday NZ
CREST launches staged programme to guide firms to full cyber accreditation
CREST has introduced a staged pathway designed to support organisations on the route towards its globally recognised cybersecurity accreditation. The new process includes two distinct stages, known as Pathway and Pathway+, which offer organisations structured progress milestones before achieving full CREST accreditation. These stages are targeted at businesses that aspire to meet high standards in cyber security but may require additional resources and guidance to reach that level. Accreditation pathway Through the Pathway programme, organisations enter the CREST community where they can access resources aimed at helping them work towards full accreditation. This includes staying up to date on cybersecurity developments, joining relevant communities, and familiarising themselves with the requirements of CREST standards. The Pathway+ designation goes further by providing a toolset that allows organisations to self-assess against CREST's accreditation standards. This helps them identify strengths and areas where further development is needed, and may offer opportunities for mentoring from existing CREST members and access to government funded development initiatives in some regions. To join the Pathway, companies provide essential information and agree to follow the CREST Code of Conduct. Advancement to Pathway+ requires a self-assessment against relevant organisational standards and at least one CREST cybersecurity service area. Jonathan Armstrong, Head of Product at CREST, explained the rationale behind the staged approach. He stated, "The importance of working with a trusted and capable cybersecurity service provider cannot be overstated. With millions of pounds at risk, whether through regulatory fines, extortion, business disruption, or lost revenue, cybersecurity is simply too critical to be left to chance with inconsistent or unrecognised vendors." Armstrong continued, "CREST provides assurance and elevates professionalism in the cybersecurity sector. Buyers can be confident when buying services from a CREST member company that they are being supported by a company which has been assessed against the most stringent standards available globally in their areas of technical competence. Pathway and Pathway+ are the latest additions to our framework, designed specifically for organisations that are committed to accreditation but may not yet meet the full criteria, or are actively working to demonstrate their readiness." Armstrong added, "These programmes offer a structured pathway for progression, enabling organisations to showcase their commitment to high standards while developing the capabilities needed for full CREST accreditation. In doing so, they gain access to tools and guidance that enhance service quality, accelerate their journey toward membership, and contribute to our shared mission of building trust and strengthening the global cybersecurity ecosystem." Timelines and expectations The framework specifies target timelines for moving through the stages. Pathway+ participants are expected to aim for full accreditation within two years, while organisations starting with Pathway have up to four years to achieve the same milestone. This structure is intended to support organisations' service development while maintaining a clear standard of progression. Full CREST accreditation, once achieved, includes a robust and independent evaluation of an organisation's services, security processes, staff competence, and governance structures. CREST-accredited status is promoted as a trustmark that signals to service buyers that providers adhere to consistent and rigorously tested standards. Service reliability The new Pathway stages are expected to help standardise the quality of cybersecurity service delivery, particularly in areas such as penetration testing, threat intelligence, red teaming, security operations, and incident response. CREST states this consistency enables "meaningful year-on-year comparisons" for buyers and helps promote transparency and trust across the industry. By opening up these stages to organisations at an earlier point in their development, CREST aims to increase both capacity and capability across the cyber security sector internationally. The process is positioned to support the gradual maturation of security firms while increasing confidence in the market's ability to deliver secure, reliable services. Organisations recognised under the Pathway and Pathway+ models do not attain official accreditation immediately, but instead signal a commitment to progress and responsible practice in cyber security. For buyers, working with a CREST-accredited provider signals that the services are delivered by professionals with appropriate and up-to-date training, having been assessed against industry standards that are recognised internationally.
Techday NZ
21-07-2025
- Techday NZ
Check Point earns CREST accreditation for penetration testing
Check Point Software Technologies has confirmed that its Infinity Global Services Penetration Testing team has been awarded CREST accreditation for penetration testing services. The CREST accreditation recognises companies that adhere to strict standards relating to technical capability, ethical conduct and quality assurance within the field of penetration testing. This status indicates that Check Point's services meet international benchmarks for diligence and credibility, providing customers with an additional layer of assurance in an increasingly regulated cyber environment. Check Point executives emphasise that the accreditation reflects both the company's methodology and ethical standards in offensive security. Eitan Lugassi, Vice President of Infinity Global Services at Check Point Software Technologies, stated, "This accreditation reflects our dedication to delivering the highest level of security assurance to our customers. CREST certification is a globally recognised symbol of quality and integrity. It tells our customers that they can trust our penetration testing to deliver meaningful insights, follow best practices and support compliance with international standards." Through CREST-accredited penetration testing, Check Point will now provide services designed to identify, assess and remedy vulnerabilities using proven methods and peer-reviewed processes. The accreditation process itself evaluates both organisational practices and technical proficiency to maintain high ethical and operational standards. CREST, as a not-for-profit accreditation body, provides certifications only after comprehensive audits of technical strategy, ethical frameworks and quality management systems within participating organisations. For Check Point, achieving this recognition demonstrates the strength of its internal controls and the expertise of its testing teams. Infinity Global Services, a cyber security division within Check Point, oversees a broad collection of cyber security offerings. The team consists of over 450 professionals who provide support and incident response services around the clock. By deploying real-time threat intelligence, Infinity Global Services enables clients to detect and mitigate cyber threats as they arise, and to respond rapidly to cyber incidents that affect business continuity. According to Check Point, its CREST-accredited penetration testing encompasses several core offerings. These include expert-led testing that simulates real-world cyber attack scenarios, which are structured around CREST-approved methodologies to ensure review consistency and technical precision. Actionable reporting forms another component, with each assessment delivering prioritised recommendations that clients can integrate into their security posture. The company also highlights the integration of testing programmes with up-to-date threat intelligence across sectors and regions. This is intended to foster ongoing improvement by adapting to evolving attack tactics and supporting large-scale IT environments. Check Point's service track record includes experience with millions of IT assets across various industries worldwide. As regulatory pressures increase, especially around compliance and transparency, CREST certification offers organisations assurance that their chosen security partners meet stringent industry standards for ethical behaviour and technical depth. Check Point claims its accredited service provides enhanced transparency and professionalism, giving clients greater confidence in the assessments conducted on their infrastructure. Key components of Check Point's accredited testing include the use of CREST-aligned methodologies, simulation of real-world attacks, recommendations prioritised for customer action, and integration of findings with threat intelligence for continual adaptation to the evolving threat landscape. Check Point reiterates that the CREST accreditation underlines its commitment to providing reliable, rigorous, and globally validated penetration testing services for organisational cyber defence, recognising its capability in managing complex environments and its dedication to high-assurance security practices.
NZ Herald
16-07-2025
- NZ Herald
Immigration adviser fined, loses licence for visa scam with fake jobs
There have been widespread reports of fraudulent employers and agents selling jobs under the Accredited Employer Work Visa scheme since early 2023. The latest decision by the tribunal comes more than a year after the tribunal upheld 51 breaches by Ma, involving advice given to five other clients. The breaches included six counts of dishonesty involving giving false information and documents to Immigration New Zealand, as well as other breaches of the licensed immigration advisers' Code of Conduct. Ma was ordered to compensate $19,061 to one victim and fined $17,000 across three different complainants. Ma's licence was suspended in April 2024, shortly after the first tribunal decision against her, but was not revoked then. In this latest case, the two migrants arrived in New Zealand only to find there was no available work with ZR Homes. They filed complaints to the Immigration Advisers Authority against Ma and stated they had no work or any income for several weeks after arriving in New Zealand, which caused them significant mental distress. Immigration Advisers Authority registrar Duncan Connor said the numerous breaches and deliberate attempt to conceal a conflict of interest was unacceptable. 'The seriousness of the complaints and pattern of behaviour prompted the authority to seek suspension of Ms Ma's licence, which was granted by the tribunal pending the outcome of the final tribunal decision, which we were pleased the tribunal agreed with,' Connor said. Tribunal chairman DJ Plunkett said in his decision that the misconduct was aggravated by the lack of any acknowledgment of serious wrongdoing by Ma. – RNZ
