CREST accredits BSI as certifying body for Government’s Cyber Essentials Scheme

The British Standards Institution (BSI) has been accredited by CREST as a certifying body for the UK Government’s Cyber Essentials Scheme. CREST is the not-for-profit professional body that represents the technical information security industry and worked closely with CESG (the information security arm of GCHQ) to develop the technical assessment framework for Cyber Essentials and Cyber Essentials Plus.
Chris Lewis, certification director at the BSI, commented: “We’re delighted to have been accredited by CREST for the UK Government’s Cyber Essentials Scheme. Any organisation involved in the Government’s procurement processes for contracts that involve handling sensitive and personal information will need Cyber Essentials. We’re looking forward to helping our customers provide a greater level of security and confidence in their organisations through certification.”

Ian Glover, the president of CREST, added: “By becoming CREST accredited, BSI is now able to assess businesses against the Cyber Essentials industry standards and issue Cyber Essentials and Cyber Essentials Plus certificates.  This is a really logical extension to the existing BSI security certification processes. The combination of ISO 27001 and Cyber Essentials provides a much higher degree of confidence in the management and basic technical security controls.”

Glover concluded: “In order to become a certification body, BSI has been through a rigorous process and has demonstrated that the organisation possesses the skills and expertise to qualify and certify businesses to the Cyber Essentials standard.”

Technical information security sector

CREST provides internationally recognised certifications for organisations and individuals providing penetration testing, cyber incident response and security architecture services.

Member companies undergo a rigorous assessment and certification process that looks at methodologies, legal and regulatory standards, staff vetting and data handling.

CREST-qualified individuals have passed challenging professional level examinations that demonstrate their knowledge, skill and competence. Company assessments and individual qualifications are underpinned by a strict and enforceable Code of Conduct.

CREST has member companies in a number of countries and a formally established Chapter in Australia

The CREST Cyber Security Incident Response Scheme is endorsed by GCHQ and the Centre for the Protection of National Infrastructure and focuses on appropriate standards for incident response from all sectors of industry, the public sector and academia. In addition, the CREST Security Architecture examination is formally recognised under the UK CESG Certified Professional Scheme.

In tandem with CESG, CREST has developed a technical assessment and certification framework for the new Cyber Essentials scheme. Cyber Essentials is a groundbreaking initiative from the UK Government, introducing an entry-level cyber security standard for organisations.

The CREST assessment and certification for Cyber Essentials balances security and affordability to enable widespread adoption of the scheme by organisations of all types and sizes. Working alongside the Bank of England, CREST has developed a framework to deliver controlled, bespoke, intelligence-led cyber security tests that replicate behaviours of those threat actors assessed by Government and commercial intelligence providers alike as posing a genuine threat to systemically important financial institutions.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts