The NCSC recommends that HMG organisations use testers and companies which are part of the CHECK scheme. Non-governmental organisations should use teams qualified under one of these certification schemes: CREST, Tiger scheme, Cyber Scheme.

https://www.ncsc.gov.uk/guidance/penetration-testing