YesWeHack announces CREST accreditation for pentesting services

January 29, 2024

YesWeHack announces CREST accreditation

YesWeHack is proud to reveal we are now CREST-accredited for penetration testing services delivered in Asia and EMEA (Europe, Middle East and Africa).

This means our penetration testing services are compliant with stringent, internationally recognised requirements – giving customers strong assurance regarding our technical expertise, competence and professional values.

Accreditation process

To become a member of CREST, YesWeHack had to undergo a rigorous accreditation processes covering the policies, processes and competencies involved in delivering pentest-related services.

Membership criteria covers four key areas: operating procedures and standards, personnel security and development, approach to testing and response, and data security.

Among other things, CREST scrutinised our information security certifications, quality management system, contract management, insurance policies, compliance with relevant legislation and our complaint-handling process. YesWeHack provided references from existing customers as part of the process.

Competitive advantage

The CREST seal of approval gives customers peace of mind about our competence and adherence to the highest professional and ethical standards. Using CREST-accredited providers can sometimes even be a prerequisite to securing commercial contracts, or at least offer a competitive advantage.

These advantages apply regardless of which regions your organisation operates in, since CREST accreditation is recognised and valued around the world.

CREST continually reviews and refines its assessment methods and criteria to reflect evolving threats, technology and best practices, while YesWeHack must demonstrate compliance annually through the membership renewal process.

YesWeHack is now listed with over 300 CREST-accredited providers worldwide on the CREST website.

The news coincides with the announcement that our Information Security Management System (ISMS) is now officially compliant with ISO/IEC 27017 – a globally recognised standard for cloud security controls.

Miguel Ania Asenjo, chief information security officer (CISO) at YesWeHack, comments: “CREST membership is a global gold standard within the cybersecurity industry. Together with our latest ISO certification, YesWeHack’s new status as a CREST-accredited provider of pentest services gives customers strong assurance of our ongoing efforts to achieve the highest possible standards of technical competence, data security and professional values.”

“CREST is delighted to welcome YesWeHack as an accredited member company for its penetration testing services,” said Rowland Johnson, president of CREST. “This accreditation provides customers with valuable assurance that the company constantly delivers the highest security services standards.”


CREST is an international, not-for-profit accreditation and certification body representing the technical information security industry. Founded in the UK in 2006, it now has regional chapters covering the Americas, Asia, Australasia and EMEA.

Centred on four values – capability, capacity, consistency, collaboration – it provides certifications to both organisations and cybersecurity professionals, and engages with governments, regulators and cybersecurity companies worldwide to drive higher industry standards.

Trust and security

Visit our Trust and Security page to find out more about how we strengthen our security and data privacy posture. This includes, among other things, our commitments to GDPR-compliance, state-of-the-art encryption, a secure-by-design model, a zero-trust network and maintaining our own public Bug Bounty Program.