Becoming a CREST ANZ Approved Company

In order to become a CREST ANZ Approved Company, an organisation must provide services and products to or in the cyber and information security industry in Australia or New Zealand, and meet the criteria determined by the Board of CREST Australia New Zealand Ltd from time to time, which include:

  • ascribing to the CREST ANZ Ltd Constitution, which also confers rights and responsibilities in relation to the governance and functioning of CREST ANZ;
  • completing a CREST ANZ Membership Application Form and providing related supporting documentation;
  • consenting to be bound by the CREST ANZ Code of Conduct;
  • a regular audit of policies and procedures relating to security testing.

Most importantly, organisations seeking to become a CREST ANZ Approved Company must have, or be seeking to have, staff accredited in one or more of the CREST ANZ endorsed cyber security accreditations. It is acknowledged that on achieving CREST ANZ membership, an organisation without appropriately accredited staff will have a six-month grace period to reach the required level of appropriately accredited staff, Likewise, if a member organisation loses their CREST ANZ accredited staff, they have a six-month grace period to hire or certify new staff, prior to having their membership suspended.

Further information can be found in the CREST ANZ Membership Policy and documentation can be obtained by contacting CREST ANZ at