In February 2024, FPT IS’s Penetration Testing service successfully passed the rigorous evaluation of the CREST organization, making FPT IS one of the few companies operating in the field of Cybersecurity in Vietnam qualified to be an official member of CREST. FPT IS is currently the only unit in Vietnam to possess the dual CREST certification for Pentest services and PCI.QSA for consulting, assessment, and certification services for PCI.DSS.
FPT IS’s Pentest service has been evaluated by CREST to meet international standards for expert capabilities, professional experience, technological capabilities, policies, procedures, and professional ethics related to service provision. Becoming a member of CREST is an important step for FPT IS in standardizing Pentest services according to international standards, meeting the large demands and challenges of customers regarding security issues in Vietnam as well as globally. It is also an important step for FPT IS in its global strategy.
The estimated market size for Penetration Testing is expected to reach USD 12.76 billion in 2029, with a CAGR growth rate of 24.59% during the forecast period (2024-2029) (Mordor Intelligence report). The hot development of the market has led to the emergence of a series of individuals and organizations providing cybersecurity services, creating challenges for customers when seeking a cybersecurity provider with sufficient professional capabilities and reliability. Therefore, becoming an official member of the CREST organization helps FPT IS demonstrate its reputation and capabilities in the field of Penetration Testing; at the same time, it opens up many opportunities to connect with more than 300 potential partners and customers within the CREST community.
CREST is a non-profit organization established in 2006, granting internationally recognized certifications to organizations providing information security services and professional certifications to individuals providing security vulnerability assessment, penetration testing, incident response, threat intelligence, and security operations center (SOC) services.
With a strict quality assurance process, CREST has set a new standard and become one of the most prestigious certifications that very few enterprises and organizations have achieved. Certified enterprises will be comprehensively reviewed by CREST each year and every three years.
To be recognized as a member of CREST, companies need to achieve strict assessments on the company, deep expertise, and customer references. Regarding the company’s capabilities (25 criteria), FPT IS meets the requirements thanks to the abilities of its personnel, project experience, and most importantly, the standardization of services according to international standards such as ISO9001, ISO27001, etc.
Regarding the capabilities of the Pentest service (including over 32 criteria), FPT IS has achieved nearly perfect scores, proving its success in many major projects, with a team of leading technology experts. Especially, FPT IS has directly received satisfied reviews from domestic and international customers, helping consolidate the firm’s position and capabilities, which have left a strong impression on the evaluation board.
FPT IS’s Global Security Operations and Systems Management Center.
Mr. Rowland Johnson, Chairman of CREST, stated: “We are delighted to welcome FPT IS as a member of CREST in the Asia region. To be recognized, FPT IS has undergone a rigorous assessment process to test testing methodologies, legal and regulatory requirements, data protection standards, internal communications with relevant parties… Becoming a member of CREST is a recognition of the quality of the Penetration Testing solution provided by FPT IS, thereby bringing to customers the highest level of trust in cybersecurity services.”
“FPT IS is proud to be a reliable and comprehensive technology partner for leading organizations and businesses in Vietnam and aims to become a global partner. In the field of information security, we are currently the only technology block in Vietnam to own the dual CREST certification for Pentest and QSA services. This demonstrates FPT IS’s pioneering and leading position in the field of cybersecurity, affirming FPT IS’s commitment to customers. Being recognized by CREST boosts FPT IS’s position in the domestic market and expands opportunities for cooperation with international partners and customers, especially in high-demand sectors such as finance, banking, and e-commerce… We will continue to develop Made by FPT IS products and services that meet international standards, conquering the global market,” shared Mr. Nguyen Hoang Minh, CEO of FPT IS.
Prior to being confirmed as a member of CREST, FPT IS was a member of the Payment Card Industry Security Standards Council (PCI SSC) and is authorized to provide consulting, assessment, and certification services for PCI.DSS. Currently, FPT IS owns a global-scale Security Operations and Systems Management Center, concentrated in order to provide services to 100 international customers, with more than 1,000 employees and revenue of USD 30 million in 2026. FPT IS is accompanying many large customers in various fields, including Finance – Banking, Government, Healthcare, Logistics…
