ROSELAND, N.J., April 15, 2021 /PRNewswire/ — CREST, a not-for-profit accreditation and certification body representing the technical information security industry, today announced a new remote audit facility for its SOC (Security Operations Center) Accreditation. Reducing the need for travel and helping to ensure more timely and effective audits, the new remote audit capability provides an alternative to on-site audits and will meet the increased International demand for SOC Accreditation, without compromising the high CREST standards.
CREST’s SOC Accreditation is available for both service providers and internal SOCs and was developed with extensive input from CREST members and the wider industry to provide an internationally recognized and independent validation of the SOC. Accreditation demonstrates a high level of assurance and trust. Since its launch at the end of 2017, the CREST SOC Accreditation has seen a significant increase in demand.
CREST has a detailed and comprehensive SOC Assessment Criteria that looks at six key areas of a SOC: Organizational Environment; Customer Requirements; Technology and Tools; Event Analysis; Threat Intelligence & Situational Awareness; and Protecting the SOC. The first stage to accreditation involves completing the application via the CREST Membership Portal, which will ask questions about processes, policies and methodologies. The second stage is the detailed audit conducted by a qualified auditor within six months of the application.
“Even before the pandemic and the additional travel constraints it has brought, high levels of international demand for SOC Accreditation meant we needed to look for a more accessible, flexible and efficient approach to speed up the audit process,” explains Samantha Alexander, Principal Accreditor at CREST. “But we needed to ensure that any solution didn’t impact the very high standards of the audit itself. This remote capability allows the CREST audit team to review documentation, conduct interviews and site tours with the same rigor and attention to detail as an onsite visit.”
CREST will discuss the process with the organization’s SOC team in advance to ensure that all SOC criteria are covered and technology requirements are reviewed to deliver an effective audit. The audit will start with a review of documentation and records, observations of processes and methodologies, interviews with the SOC staff and a remote video tour of the SOC environment. All data and evidence will be noted and included in the final audit report, held under a CREST NDA. More information is available by visiting https://www.crest-approved.org/applying-for-soc-accreditation.
CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognized accreditations for organizations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years.
CREST is governed by an elected Executive of experienced security professionals who also promote and develop awareness, ethics and standards within the cyber security industry. CREST supports its members and the wider information security industry by creating collaborative research material. This provides a strong voice for the industry, opportunities to share knowledge and delivers good practice guidance to the wider community.
For more information please contact:
Avista PR for CREST