**CREST Accreditation**

Fortis is delighted to announce that we have recently become a CREST accredited penetration testing company. After a rigorous application process that assesses virtually every aspect of our business and validates the knowledge, skills, and experience of our team, we are now officially recognised as a leading provider of penetration testing services.

**What is CREST?**

CREST is a not-for-profit accreditation and certification body that represents the technical information security industry and was established in response to the need for more regulated professional services. It is now a globally recognised cyber assurance body for the technical security industry, covering a variety of information security services, including penetration testing.

**Why should you choose a CREST-accredited service provider?**

A quick search of the web will produce a list of numerous providers offering pen testing services. The big question is how do you choose between them, and which ones are reputable and trusted partners who consistently deliver high quality services using suitably qualified and experienced security professionals?

All CREST accredited companies undergo a comprehensive application process with everything from security testing methodologies, resources and reporting to information sharing and data storage independently assessed by CREST. Therefore, choosing an accredited company for pen testing gives you the added assurance that all their policies, procedures and processes have undergone an independent and verifiable third-party assessment. You can also be certain that the services will be carried out using best practice and proven methodologies to ensure you have the necessary controls in place to identify vulnerabilities and prevent breaches and attacks.

CREST members are regularly updated with industry-leading guidance and developments, so as the threat landscape evolves and cyber-attacks become more sophisticated you can be confident that you are working with highly-qualified individuals with up to date knowledge and skills, and the competence to deal with both the new techniques used by real world attackers and the latest vulnerabilities.

The CREST code of conduct provides additional assurance that the company operates within the confines of a regulated industry and that you will receive a high-quality level of service, delivered in an ethical and professional manner.

CREST accreditation quickly and easily identifies your chosen provider’s commitment to robust and comprehensive security testing and, as a globally recognised body, working with a CREST accredited company gives your business greater international credibility. Using CREST accredited pen testers will also build **trust and confidence in your company** and reassure existing and potential customers that you take your responsibility to safeguard their confidential and privileged information seriously, further enhancing your reputation. In fact, using CREST pen testers is increasingly becoming a standard requirement in many highly regulated sectors.

In short, by working with a CREST accredited penetration testing company you ensure you are engaging a trusted, experienced, and professional organisation that undergoes regular and stringent assessment to give you complete confidence in your chosen provider.

Fortis’ comprehensive range of penetration testing services enables clients to identify, assess, and prioritise vulnerabilities and security flaws across their applications, APIs, platforms and infrastructure and our team of security professionals are skilled and experienced in identifying and mitigating vulnerabilities in even the most complex and sophisticated IT environments.

[Supercharging Cyber Attacks: How AI has changed the threat landscape for businesses. ](/content/post/supercharging-cyber-attacks-how-ai-has-changed-the-threat-landscape-for-businesses/index.html)

[**Are You Ready for the Impending Cyber Essentials Changes?**](/content/post/are-you-ready-for-the-impending-cyber-essentials-changes/index.html)

As of April 27th 2026, there are important changes to Cyber Essentials which all organisations holding, or looking to achieve Cyber Essentials or Cyber Essentials Plus, must be aware of. These changes have come about to reflect what is being seen by IASME and the National Cyber Security Centre across real-world incidents, evolving cyber threats and feedback from assessments. The current question set is being updated to tighten certain criteria and to help organisations becom

[**The Fortis "Attack Mitigation Service": Cut cyber risk, reduce workload and simplify vulnerability management.**](/content/post/the-fortis-attack-mitigation-service-cut-cyber-risk-reduce-workload-and-simplify-vulnerability-m/index.html)

Artificial Intelligence (AI) is now being weaponised as threat actors leverage AI at every stage of the attack lifecycle to launch faster, more widespread and more damaging attacks on businesses. This fundamental shift in the threat landscape means cyber criminals can now automate their reconnaissance of businesses, scaling to the scanning thousands of systems, enumerating software versions, analysing configurations, and pinpointing vulnerabilities in Internet-facing businesses.

[**Supercharging Cyber Attacks: How AI has changed the threat landscape for businesses.**](/content/post/supercharging-cyber-attacks-how-ai-has-changed-the-threat-landscape-for-businesses/index.html)

The AI Cyber Attack Threat Landscape It’s a sad state of affairs but Artificial Intelligence (AI) is now being weaponised as threat actors leverage AI at every stage of the attack lifecycle to launch faster, more widespread and more damaging attacks on businesses. Anthropic’s Threat Intelligence Report August 2025 found: AI models are now being used to carry out cyber-attacks at scale AI has lowered the barriers to entry with fewer technical skills required to launch com
