When selecting a penetration testing provider, CREST accreditation is the most important credential to look for. Here's why CREST matters and why Bank Negara Malaysia requires CREST-certified providers for financial institution assessments.
What is CREST?
CREST (Council of Registered Ethical Security Testers) is an international not-for-profit accreditation body that certifies both individual penetration testers and security companies. Founded in 2006 in the UK, CREST has become the global gold standard for penetration testing.
Why CREST Matters
Rigorous Technical Exams
CREST certifications require passing difficult practical exams that test real-world hacking skills, not just theory.
Ongoing Competence
CREST members must demonstrate continuous professional development and maintain their skills.
Code of Conduct
CREST members are bound by strict ethical guidelines and confidentiality requirements.
Quality Assurance
CREST companies undergo regular audits to ensure their processes meet high standards.
Regulatory Recognition
CREST is recognized by regulators worldwide, including Bank Negara Malaysia for RMiT compliance.
Insurance & Liability
CREST companies must maintain professional indemnity insurance, protecting clients.
Bank Negara's CREST Requirement
Bank Negara Malaysia's Risk Management in Technology (RMiT) framework specifically requires financial institutions to engage CREST-accredited providers for penetration testing. This requirement ensures:
- Consistent quality across all financial institution assessments
- Testers have demonstrated competence through rigorous examination
- Ethical handling of sensitive financial data
- Professional accountability and recourse mechanisms
RMiT Requirement
“Financial institutions must engage CREST-accredited penetration testing providers to ensure the quality and reliability of security assessments.”
— Bank Negara Malaysia RMiT Framework
CREST Certifications Explained
CRT (CREST Registered Tester)
Entry-level certification demonstrating core penetration testing skills.
CCT (CREST Certified Tester)
Advanced certification for experienced penetration testers. Available in Infrastructure and Application tracks.
CCSAS (CREST Certified Simulated Attack Specialist)
Expert-level certification for red team operators and advanced adversary simulation.
Choosing a CREST Provider
When selecting a CREST-accredited penetration testing provider, take the following steps:
- Verify their CREST accreditation on the official CREST website
- Check the certifications held by their individual testers
- Review their experience in your industry sector
- Ensure they understand Malaysian regulatory requirements
- Ask for sample reports to assess quality
nCrypt is CREST Accredited
nCrypt Malaysia is a CREST-accredited penetration testing company with multiple CREST-certified testers on our team. We specialize in serving Malaysian financial institutions and understand RMiT requirements.