NCSC Certified Cyber Resilience Test Facility (CRTF)

SecurLab is a privately owned UK sovereign cyber security company delivering independent assurance for software, hardware, and ITAD providers. Your regulated clients need independent evidence of your products security posture - we provide it in three - six weeks.

We deliver trusted, independent cyber assurance aligned to the National Cyber Security Centre’s (NCSC) Principles‑Based Assurance framework and we provide readiness, certification, and ongoing assurance maintenance giving organisations clear, defensible confidence in their security. Our approach is pragmatic and evidence‑driven, designed to give organisations confidence that their products, services, and processes meet the expectations of high‑assurance environments.

Digital illustration of a web page with a padlock symbol in front, representing online security and data protection.

Book Your Free Assessment Now

Get a free expert-led gap analysis supported by SecurLab’s portal to understand your current position against either:

  • NCSC Principles Base Assurance or

  • NCSC Sanitisation (replacement for CAS-S)

Book My Free Assessment

What Does an NCSC Certified CRTF do?

A Cyber Resilience Testing Facility (CRTF) is an NCSC approved body that independently assesses cyber security products and services

Product Assurance Assessment

  • Verify security claims - Independently validate security claims against NCSC principles, no self‑attestation.

  • Assess real world claims - Confirm controls are effective in practice, not just in design or documentation.

  • Support assurance pathways - Outcome focused assurance aligned to modern, evolving systems, not checklists.

  • Enable trusted procurement - Enable structured progression from readiness to independent and ongoing assurance.

Sanitisation Assurance Assessment

  • Sanitisation is a replacement for CAS-S where IT Asset Destruction companies were assessed to ensure data is irrecoverable, not just removed.

  • Independent validation buyers trust - Sanitisation outcomes assessed against NCSC principles, no supplier self‑attestation.

  • Aligns secure disposal with expectations - Supports outcome‑focused, CRTF‑aligned assurance for secure disposal and reuse.

  • Produces audit / procurement evidence - Produces structured, traceable evidence that stands up to scrutiny and simplifies due diligence

Why NCSC Assurance Matters?

  • CRTF‑aligned Principles‑Based Assurance replaces self‑attestation with independent validation of security outcomes. Assurance is based on evidence that controls are effective in practice, assessed by an independent party against recognised NCSC principles—removing reliance on trust or supplier assertions.

  • NCSC‑aligned assurance provides credible, decision‑grade evidence that stands up to procurement, audit, and regulatory scrutiny. Structured, traceable artefacts demonstrate that security claims are backed by verified outcomes, increasing confidence for buyers operating in risk‑sensitive environments.

  • CRTF and PBA reflect how the UK government expects cyber risk to be managed across public sector and critical supply chains. Aligning to NCSC principles demonstrates conformance with national best practice, reducing friction in public sector engagement and regulated procurement.

  • CRTF‑aligned assurance makes organisations easier to buy from. Independent validation reduces due‑diligence effort, shortens procurement cycles, and differentiates suppliers whose security claims are supported by outcome‑based evidence rather than checklist compliance.

  • Principles‑Based Assurance prioritises what security achieves, not just what controls exist. Evidence demonstrates that systems are secure by design, build, deployment, and operation—providing assurance that reflects real‑world behaviour, not point‑in‑time intent.

  • CRTF is designed to support ongoing, change‑driven assurance. As systems, suppliers, and threats evolve, assurance is maintained through updated evidence and reassessment ensuring confidence remains valid over time, not just at the moment of assessment.

Why Choose Us?

Green shield with a checkmark in the center indicating security or protection

NCSC Aligned Expertise

  • Independently validated outcomes

  • Credibility buyers can rely on

  • Aligned to government expectations

  • Confidence that endures change

Green award ribbon with a check mark in the center.

Efficient Process

  • Clear, structured assessment approach

  • Dedicated platform, reduces assessment time

  • Reduced burden on delivery teams

  • Designed to scale and repeat

Clipboard with checkmarks and a large checkmark circle indicating completion or approval

Independent / Certified / Trusted

  • Independently owned

  • ISO 27001 / ISO 9001 / Cyber Essentials Plus

  • Unbiased evaluation

  • Confidence through objectivity

Who We Work With

  • Cyber Security Vendors

  • SaaS & Tech Providers

  • ITAD Companies

  • Government Suppliers

  • Critical Infrastructure

  • Product Vendors

Start Your CRTF Assessment Today