We’re thrilled to announce that we’ve received two important accreditations, CREST & NIS security auditor. This milestone is proof of our expertise and proficiency, the two certifications further strengthening our Security and Data Protection offering to our clients:
1. The NIS security auditor certification allows us to conduct cybersecurity audits under the NIS law and evaluate the security of networks and IT systems of Essential Service Operators (ESOs) and Digital Service Providers (DSPs);
2. The CREST accreditation confirms that our pentesting services are performed at the highest quality standards.
1. WHAT DOES IT MEAN TO BE A CREST-CERTIFIED COMPANY?
The Council of Registered Ethical Security Testers (CREST) is an international not-for-profit accreditation and certification body that provides widely recognized technical security services accreditations. It also certifies professionals in the fields of threat intelligence, Security Operations Center (SOC) services, vulnerability assessment, cyber incident response, and penetration testing. Its member companies or professionals go through rigorous assessments on a regular basis.
It takes a lot of work to become a CREST Accredited Member because all penetration testing techniques, quality controls, data security, and many other internal business processes must be evaluated. Once a company gets this accreditation, maintaining it requires an ongoing process, with a full reassessment every year. This accreditation is another aspect to consider as you go through your due diligence process when selecting a cybersecurity provider.
There were several policies, processes, and procedures that the Zitec team submitted, which have been assessed by the CREST auditors and regarded as best practices:
- Certified individuals
- Assignment preparation and scope
- Technical methodology
- Assignment execution
- Event analysis and response
- Tools and resources
- Information sharing
- Data storage and transmission controls
- Post technical delivery
- Asset, information, and document storage, retention, and destruction
A business with CREST certification is acknowledged for providing the best cybersecurity services, employing qualified professionals, and exhibiting conformity to the highest industry-wide legal, ethical, and technical standards.
“Zitec is one of a growing number of cyber security services companies that recognizes the benefits of CREST accreditation and its growing influence around the world. Zitec is now able to demonstrate that its penetration testing services have been validated to the highest standards by successfully going through the rigorous CREST accreditation process, covering business processes, data security, and testing methodologies. Congratulations on this achievement.”
Rowland Johnson, President of CREST
2. WHAT IS THE NIS DIRECTIVE AND WHY IS IT IMPORTANT?
The NIS Directive is the first EU-wide directive on cybersecurity, providing legal measures to increase the overall level of cybersecurity in the EU. The directive has been passed into European national laws with the aim of achieving a common standard of network and information security across all EU member states. As services rely more and more on IT infrastructures, these measures will help strengthen the level of preparedness of EU states against cybersecurity threats and increase the general trust in the Digital Single Market.
The NIS Directive requires a set of mandatory measures that need to be implemented in terms of network and information security for digital service providers and for operators of essential services in the following sectors:
- Drinking water supply and distribution
- Banking and financial market infrastructure
- Online marketplace and search engines
- Cloud computing
- Digital infrastructure
Businesses from these sectors that the Member States have recognized as providing vital services will need to implement the necessary security measures and notify the competent national authorities of any significant cybersecurity-related event. Due to the surge in cyber-attacks and the difficulties in NIS implementation, the Commission has expanded the scope of NIS through NIS2 this month, which introduces more stringent supervisory measures and enforcement requirements.
WHAT ARE THE BENEFITS OF PARTNERING WITH A CREST & NIS ACCREDITED COMPANY?
As a CREST-certified company, we can ensure that you have all the proper processes and controls in place to prevent potential malicious attacks. This accreditation is a confirmation that the penetration tests we’re running are backed by proper and up-to-date skills, strategies, and techniques to give you the best assessment of your cybersecurity posture. With this accreditation, our clients gain confidence in the level of service we’re offering as the assessment process covers the entire level of preparedness in delivering advanced cybersecurity services.
Another benefit of choosing a CREST member company for cybersecurity services is assistance with regulatory compliance, as many information security requirements like ISO 27001, NIST Framework, or PCI DSS may require a penetration test. Additionally, the CREST accreditation is globally acknowledged. In other words, our international clients are now reassured that we are qualified and reputable in terms of information security.
As for the NIS auditor accreditation, the main benefit for our clients is ensuring compliance with the NIS Directive. The audits we’re performing assess their current state of compliance through aspects such as security governance, availability (resilience) of systems, and protection of networks and information systems.
TALK TO OUR SECURITY & DATA PROTECTION EXPERTS
Our Security & Data Protection team has extensive experience in helping Zitec clients secure their digital assets, along with a vast portfolio that includes projects such as Sameday, UNTOLD, Flanco, Cars2Click, Flip, Arctic, and many others. Send us a message if you have any inquiries or want to learn more about securing your business.