
Precursor Security Achieves CREST SOC Accreditation

7 August 2024 · 8 min read · Precursor Security

The Precursor Security Operations Centre has achieved CREST SOC accreditation - an independent credential awarded by CREST (Council of Registered Ethical Security Testers) that validates a Security Operations Centre against a rigorous set of operational, procedural and compliance standards. This accreditation confirms that Precursor's Managed Detection and Response services meet independently verified benchmarks for service quality and security assurance.

Who is CREST?

CREST (Council of Registered Ethical Security Testers) is an international not-for-profit organisation, established in response to unregulated security testing services. Founded in 2008, CREST has spent over fifteen years raising the standards and quality of cyber services providers globally. CREST's member directory now lists more than 500 accredited organisations across more than 70 countries, spanning Europe, North America, Asia-Pacific, and the Middle East.

CREST identified that there are very few barriers to establishing a cyber services company, despite the risk such companies take on and the trust they require to operate. Accreditation against a defined standard therefore became necessary to sustain a high level of quality. CREST achieves this by assuring service providers through several available accreditations, one of which is CREST SOC.

CREST works in partnership with the NCSC (National Cyber Security Centre) to deliver key assurance schemes including CHECK - the UK government's standard for penetration testing of critical national infrastructure - and the NCSC Cyber Incident Response (CIR) scheme. For UK security buyers, CREST accreditation represents the benchmark the NCSC points to when assessing security service providers.

What is a 'CREST SOC'?

The CREST SOC accreditation is a rigorous path to validating that an organisation's Security Operations Centre (SOC) is up to the expected standards set out by CREST. CREST reviews everything from general company details and operating hygiene through to ensuring basic industry compliance with standards such as ISO 27001 (Information Security Management) and ISO 9001 (Quality Management), and then reviewing SOC-specific areas such as Standard Operating Procedures (SOPs), playbooks, logging and monitoring strategies, incident response capability, threat intelligence integration, and analyst competency.

CREST SOC assessment evaluates detection and response capabilities against documented threat actor behaviours - criteria that align with the MITRE ATT&CK framework that security teams use to benchmark coverage of adversary tactics and techniques. This means buyers can be confident that a CREST SOC accredited provider has demonstrated not just that they have the right tools, but that their analysts can use them effectively against real-world threats.

This whole process enforces a high quality of service and trust for consumers of such services. Precursor Security is one of a select number of UK providers to hold CREST SOC accreditation - a credential that assesses the full SOC operation, not just individual practitioners. When you see the CREST SOC badge, you are dealing with a provider that has been independently assessed against a defined operational standard.

Organisations subject to the NIS2 Directive (EU 2022/2555) - which mandates independent validation of security measures under Article 21, including policies on incident handling and measures to assess the effectiveness of cybersecurity risk-management measures - can reference CREST SOC accreditation as evidence that their managed detection and response provider has been assessed against a defined operational standard.

What Does the CREST SOC Critical Functions Guide Cover?

If you are evaluating SOC services, you will find that they come in several forms:

  • Managed SOC
  • Managed SIEM (Security Information and Event Management)
  • Managed EDR (Endpoint Detection and Response)
  • Managed XDR (Extended Detection and Response)
  • Managed Detection & Response (MDR)

Buyers should understand what each service model covers, where the scope boundaries lie, and what alternatives exist. This starts with understanding a SOC and its critical functions. CREST has published a CREST SOC Critical Functions Guide which identifies five core functions that a SOC must demonstrate to achieve accreditation: Security Monitoring, Threat Intelligence, Incident Management, Vulnerability Management, and Security Data Management. These functions form the assessment framework - a CREST SOC accredited provider must demonstrate documented, operational capability across all five, not just the subset covered by a commercial contract.

For buyers, the guide serves as a ready-made evaluation checklist. Before engaging a managed SOC or MDR provider, you can ask directly which of the five CREST critical functions they cover, how those functions are evidenced in their SOPs and playbooks, and whether they hold CREST SOC accreditation as independent confirmation. The guide is publicly available and free to download from the CREST website.

The table below maps each service type to its primary scope and typical buyer fit, to help you identify which model aligns with your requirements before engaging a provider.

| Service Type | What It Covers | Key Technology | Best For |
| --- | --- | --- | --- |
| Managed SOC | Broad security monitoring, detection, triage, and escalation across the client environment | SIEM platform (Security Information and Event Management) combined with analyst-led investigation | Organisations that need continuous monitoring coverage without in-house SOC headcount |
| Managed SIEM | Log aggregation, correlation rule management, and alert generation from a centralised SIEM platform | SIEM (e.g., Microsoft Sentinel, Splunk, QRadar) | Organisations with existing security teams that need SIEM tooling and rule management outsourced |
| Managed EDR | Detection and response focused on endpoint activity - devices, servers, and workstations | EDR platform (Endpoint Detection and Response) (e.g., CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint) | Organisations prioritising endpoint visibility and rapid device-level response |
| Managed XDR | Unified detection across endpoints, network, cloud, and identity - correlated in a single platform | XDR platform (Extended Detection and Response) integrating data from multiple security domains | Organisations with complex, multi-surface environments requiring correlated detection across all layers |
| Managed Detection & Response (MDR) | End-to-end threat detection, investigation, and active response - including threat hunting and adversarial context | SIEM, EDR, XDR, and threat intelligence feeds combined with human analyst expertise | Organisations requiring a comprehensive, outcome-focused service with active threat containment |

Is CREST SOC Accreditation Worth It for Buyers?

For security buyers evaluating managed SOC and MDR providers, CREST SOC accreditation removes a significant portion of the due diligence burden. Rather than relying on a provider's self-attested claims about their detection capability, analyst qualifications, or process maturity, you can use the CREST SOC badge as confirmation that an independent body has already assessed and validated those elements against a published standard.

As a CREST accredited SOC provider, Precursor Security's Managed Detection and Response services are independently validated - not self-described. If you are shortlisting MDR providers in the UK and want to speak with a CREST SOC accredited team, contact us or explore our MDR and SOC services.


Frequently Asked Questions

What is CREST SOC accreditation?

CREST SOC accreditation is an independent credential awarded by CREST (Council of Registered Ethical Security Testers) that validates a Security Operations Centre against a defined set of operational, procedural and compliance standards. It covers company governance, ISO 27001 and ISO 9001 compliance, SOC-specific capabilities including incident response, threat intelligence, and analyst competency, and ongoing operational hygiene. Holding CREST SOC accreditation confirms that a provider's SOC has been assessed by a third party - not just self-certified.

Who is CREST and why does their accreditation matter?

CREST (Council of Registered Ethical Security Testers) is an international not-for-profit organisation founded in 2008 to raise standards across the cyber security industry. With more than 500 member organisations across 70+ countries, CREST is the principal professional body for accrediting security testing and security operations companies in the UK. CREST works in partnership with the NCSC to deliver the CHECK and Cyber Incident Response (CIR) assurance schemes, making CREST accreditation the benchmark against which UK government and enterprise security buyers assess providers.

What does the CREST SOC Critical Functions Guide cover?

The CREST SOC Critical Functions Guide identifies five core functions that a Security Operations Centre must demonstrate to achieve CREST SOC accreditation: Security Monitoring, Threat Intelligence, Incident Management, Vulnerability Management, and Security Data Management. It provides a publicly available assessment framework that buyers can use to evaluate and compare SOC providers - asking providers directly which functions they cover and how they evidence them. The guide is freely available from the CREST website.

How does CREST SOC accreditation relate to NIS2?

The NIS2 Directive (EU 2022/2555) requires essential and important entities to implement appropriate measures to manage cybersecurity risks, including policies on incident handling (Article 21(b)) and measures to assess the effectiveness of security controls (Article 21(f)). CREST SOC accreditation provides evidence that a managed detection and response provider has been independently assessed against a defined operational standard - supporting a covered entity's ability to demonstrate that their provider's capabilities have been externally validated.

What is the difference between a Managed SOC and Managed Detection and Response?

Managed SOC is the broader service category - it encompasses all outsourced security operations functions. Managed Detection and Response (MDR) is a subset that emphasises active threat detection, investigation, and response, typically including threat hunting, adversarial context, and containment actions beyond alert escalation. MDR providers often integrate SIEM, EDR, and XDR capabilities with human analyst expertise. All MDR services are a form of managed SOC service, but not all managed SOC services include the active response and threat hunting components characteristic of MDR.
