Skip to content

CREST vs The Cyber Scheme vs CHECK

When working in the cyber security space you hear of all kinds of acronyms. Some of these relate to qualifications and regulatory bodies. Sometimes it is easy to get these confused and ask for the wrong thing.

In this blog, we look over the difference between CREST and Cyber Scheme and CHECK.

CREST vs The Cyber Scheme

The UK has two major accreditation bodies who are recognised by the National Cyber Security Centre (NCSC) as meeting all the requirements to meet the Governments required status for delivery of Governmental and Public Sector work. They are CREST (Council of Registered Ethical Security Testers) and The Cyber Scheme. These companies certify candidates with the appropriate qualifications to meet a minimum level of ‘CHECK’ status. 

We will talk about CHECK shortly but first, let’s delve into the two accreditation bodies and see how they differentiate from each other. 


Who are CREST? 

CREST is a UK-based international non-profit membership body that offers professional certifications for individuals and accreditations for companies that provide penetration testing, incident response threat intelligence and Security Operations Centre (SOC) services. 

Their certification exams are broken into three experience tiers, these are Practitioner, Registered and Certified level. Practitioner examinations are theory based and are prerequisites for upper levels. The Registered and Certified levels include practical and theory assessments of individual skills and competency and are internationally recognised. 

In the discipline of Penetration testing, The CREST Practitioner Security Analyst (CPSA) is the first exam to be taken. This takes the form of a closed book theory exam taken at a Person Vue testing centre. This exam is multi choice and the candidate taking the exam will be told immediately if they were successful or unsuccessful.  

The first practical exam is the CREST Registered Tester (CRT), This comprises of a technical assault course and is designed for those with at least three years’ experience in delivering commercial level client work. This exam will (as of December 2023) be taken at a Pearson Vue centre and is now a closed book assessment. Holding a valid CPSA is a pre-requisite of taking this exam.

The next level from the CRT is the CREST Certified Tester (CCT) This exam is broken down into 2 specialisms, Application or Infrastructure.

These exams take the form of a technical assault course. The CRT certification is the first step on the road to becoming recognised by frameworks such as CHECK while CCT gives the holder the ability to become a recognised team leader for the CHECK framework known as a CHECK Team Leader. Holding a valid CRT is a pre-requisite of taking this exam.

There are further exams related to CREST but for now we will only focus on the first three.


Who are The Cyber Scheme? 

The Cyber Scheme is UK based and known nationwide. It offers professional certifications, and sponsorship for companies that provide penetration testing and other governance standards such as IASME’s Cyber Essentials range of services. 

The organisation also offers training and mentorship to individuals wishing to sit its industry standard examinations, including the new Cyber Scheme Foundation Level (CSFL) which is designed to bridge the gap between formal education and those starting out as Junior Security consultants.  

Further qualifications include the Cyber Scheme Team Member qualification. (CSTM). This exam includes a theory based multiple choice assessment, technical assault course and post exam viva. This qualification sits at the same level as the CREST CRT and is an equivalence or a good alternative.  

The Cyber Scheme Team Leader (CSTL) is also broken down into 2 disciplines, Application or Infrastructure. This comprises an assessment designed to replicate a real-world penetration test, including a scoping session, technical assessment and client debrief. All courses and examinations take place in Cheltenham UK, the heart of UK Cybersecurity. 

The CSTM certification is the first step on the road to becoming recognised by frameworks such as CHECK and the CSTL gives the holder the ability to become a recognised team leader for the CHECK framework known as a CHECK Team Leader. 

As with CREST there are other exams available but we are just focussing on the first three.


What is CHECK? Isn’t it the same as CREST? 

A common misconception is that the CHECK scheme is the same as CREST but that’s incorrect.  CHECK is the scheme under which NCSC approved companies can conduct authorised penetration tests of public sector and CNI systems and networks. CHECK is a framework approved by the UK Government. 

Companies providing CHECK services do so using staff who hold NCSC approved qualifications and a level of security clearance. Penetration tests are conducted using NCSC recognised methods and the subsequent report and recommendations are produced to a recognised standard.

When an assessment is completed and the report is delivered to the end client, a copy will also be delivered to NCSC for review and archiving. 

In summary: 

CREST and The Cyber Scheme are the only two accreditation bodies in the UK, whose member companies and certified individuals meet the CHECK criteria. As such those with CRT or CSTM as a minimum can be awarded CHECK Team Member (CTM) status. Those holding either CCT or CSTL can be awarded CHECK Team Leader (CTL) status.

Hopefully this clears some of the confusion regarding the difference in accreditation and regulation.  

If you require a penetration test from out CREST and Cyber Scheme qualified penetration testers, please email info@icsstgredman.wpenginepowered.com  

What our clients say

ICS’s penetration testing and audits have been invaluable.  Their team is professional, thorough and highly knowledgeable.  They are a key partner. 

Pete – Amicis

We partnered with Incursion Cyber Security on a recent onsite ITHC project. Lewis and Gareth were professional and communicative throughout the project – from set up calls with the client to providing updates to our PMO whilst onsite during the engagement.  

We received excellent feedback from our client about the quality of testing conducted and internally we were happy with how smoothly the project ran.  

I would highly recommend ICS for their personable and collaborative style of working whilst delivering high-risk Cyber Security projects to an excellent standard.  

Kezia – Prism Infosec


Incursion Security are a phenomenal team. We’ve worked with them on a number of occasions and have always been really happy with the standard of work, the responsiveness to questions, the depth of reporting and recommendations. Strongly recommend them. We will be using them again in the future. 

Mike – Incommsec