Composition of a CHECK team

Created:  26 Oct 2015
Updated:  13 Nov 2017

A CHECK team is composed of at least one CHECK Team Leader and a number of CHECK Team Members who have passed any of the NCSC accredited CREST, Cyber Scheme or Tiger Scheme examination. Only the NCSC may confer CHECK Team Leader/Member status.

Each proposed Team Member must have relevant qualifications with either CYBER/CREST or TIGER examination bodies. We must also have a reference, in email, to their Date of Birth and PAYE Tax Reference Number when requesting Check Team Member certified status.

Each proposed Team Leader must have relevant qualifications with either CYBER/CREST or TIGER examination bodies. We must also have their full Technical CV that includes; employment history dates, roles and responsibilities along with a reference to their Date of birth and PAYE tax reference number.

We also require that each Team Leader submits 2 redacted reports they have authored and answers to the following three questions, on a separate sheet of paper:

  • In the previous 3 years, how many months have you been employed primarily as a pen tester?
  • In the previous 12 months, how many penetration tests have you personally conducted? If under 10 please state the number of days spent performing penetration tests.
  • How many penetration test reports have you personally written in the last 12 months?

Prospective CHECK Team Leaders and Team Members will have passed the relevant NCSC approved assault course. A minimum of 12 months experience as a penetration testing will be required to be demonstrated in the last 36 months for CHECK Team Leaders.

Note that inexperienced and trainee penetration testers will not be accepted into a CHECK team and that CHECK work should not be used as a training assignment without our approval.

As CHECK is a penetration testing scheme, we will not normally approve the addition of individuals who are not penetration testers. This includes individuals who have information security experience outside of penetration testing, such as policy work, risk assessment and so on.

Was this information helpful?

We need your feedback to improve this content.

Yes No