The CREST Pathway and Pathway+ options make cybersecurity accreditation accessible to all organisations that aspire to provide cybersecurity services at the highest levels of quality but would benefit from additional resources and guidance to reach their goal.
International cybersecurity not-for-profit, CREST, has expanded its application process with the introduction of the Pathway and Pathway+ stages. Designed for organisations building toward full accreditation through the ongoing development of capability, processes, and alignment with accreditation expectations, the two stages will help companies to advance against internationally recognised standards and begin their journey to reach full CREST accreditation.
The CREST Pathway welcomes an organisation into the CREST ecosystem, where participants benefit from resources to help them reach full accreditation and access to CREST communities that will help keep them abreast of new cybersecurity developments and threats. Pathway+ organisations will further benefit from a toolset that enables them to self-assess against CREST’s accreditation standards to identify their areas of strength and development needs. This stage may also unlock opportunities for mentoring from CREST members and access to government funded development programmes in selected countries. Organisations begin their Pathway journey by sharing essential company details and committing to the CREST Code of Conduct. For Pathway+, they must also self-assess against organisational standards and a CREST cybersecurity service area.
By expanding options to include organisations at earlier stages of development and alignment with standards, CREST advances its mission to build capacity and capability across the cybersecurity industry. It also promotes consistency, transparency, and trust in the delivery of cyber services globally. Through a structured framework, Pathway and Pathway+ organisations are supported in progressing their cybersecurity services, aiming for full CREST accreditation within two years of Pathway+ recognition and within four years for those starting at Pathway.
CREST accreditation serves as a recognised trustmark for buyers of cybersecurity services, offering assurance that accredited organisations meet rigorous, independently verified standards. Full accreditation and membership involve an in-depth review of an organisation’s service delivery, security practices, workforce competence, and overall governance.
Engaging with a CREST-accredited provider offers confidence that services are delivered consistently, securely, and by professionals with up-to-date training and skills. This is especially valuable in disciplines such as penetration testing, threat intelligence, red teaming, security operations centres, and incident response and exercising, where alignment to CREST standards promotes consistent and repeatable services enabling meaningful year-on-year comparisons.
Jonathan Armstrong, Head of Product at CREST said, “The importance of working with a trusted and capable cybersecurity service provider cannot be overstated. With millions of pounds at risk, whether through regulatory fines, extortion, business disruption, or lost revenue, cybersecurity is simply too critical to be left to chance with inconsistent or unrecognised vendors.
“CREST provides assurance and elevates professionalism in the cybersecurity sector. Buyers can be confident when buying services from a CREST member company that they are being supported by a company which has been assessed against the most stringent standards available globally in their areas of technical competence. Pathway and Pathway+ are the latest additions to our framework, designed specifically for organisations that are committed to accreditation but may not yet meet the full criteria, or are actively working to demonstrate their readiness.
“These programmes offer a structured pathway for progression, enabling organisations to showcase their commitment to high standards while developing the capabilities needed for full CREST accreditation. In doing so, they gain access to tools and guidance that enhance service quality, accelerate their journey toward membership, and contribute to our shared mission of building trust and strengthening the global cybersecurity ecosystem.”
To learn more and begin the application process for Pathway or Pathway+, click here.
