The NCSC CAS-S Scheme Has Been Retired

“The vendors who act now go into the mandate with a current assurance output — not a queue position”

CAS-S closed in January 2026. The only route to NCSC-recognised sanitisation assurance is now through an independent CRTF. SecurLab is one of the few in the UK.

Self-certification is no longer accepted. Your regulated clients are already asking the question.

Your regulated clients need more than your word for it.

Government departments, financial services firms and healthcare organisations are reviewing their ITAD supplier lists right now. They need evidence of NCSC-recognised assurance and the old CAS-S route no longer exists.

Our ITAD provider held CAS-S. What do they hold now?

This question is being asked in procurement reviews across the UK's regulated sectors. If you cannot answer it with a current CRTF-backed assurance output, another provider will.

What Our NCSC Certified Sanitisation Assessment Covers

Process & Methodology

Sanitisation methods by media type

HMG IS5 and NCSC standard alignment.

Chain of Custody

Collection security

Transfer controls

Facility access

Physical Destruction

Equipment capability

Sub-2mm particle evidence

Verification records

Documentation & Audit

Certificates of destruction

Record integrity

3-year retention

Staff & Facility Security

Vetting procedures

Physical security

Access management

Quality Management

Consistency controls

Oversight processes

Continual improvement

The Timeline You Need to Know

Jan 2026

CAS-S closed. Old route no longer exists.

Now

Regulated clients reviewing ITAD supplier lists.

Q2–Q3 2026

Procurement teams excluding non-assured ITAD providers.

2027

DUAA 2025 enforcement intensifies. Fine risk peaks

WHY SECURLAB?

FULL ACCREDITATION STACK

ISO 17020 (Pending) | ISO 27001 | ISO 9001 | CE+

The most comprehensive assurance credential set available from an independent specialist.

INDEPENDENT

We do not consult for the clients we assess.

Our output is credible because our independence is structural, not claimed.

NCSC-LISTED CRTF

One of the only independent specialist CRTFs in the UK.

Listed on the NCSC website — the credential procurement teams recognise.

FASTER AND CLEARER

Workflow platform reduces delivery time without reducing quality.

You know what we are assessing, what evidence we need, and what the output will look like.

FAQs

  • Yes. CAS-S closed in January 2026. To maintain NCSC-recognised sanitisation assurance, you must now go through a CRTF assessment. Your previous CAS-S recognition cannot be renewed through the old process.

  • Typically 2–4 weeks from instruction to report, depending on the number of sanitisation methods and operational complexity. Our readiness review takes around 2 weeks and tells you exactly what formal assessment involves.

    We can go quicker if you have the evidence to hand.

  • Process documentation, equipment specifications, chain of custody records, staff vetting evidence, facility security controls, and sample certificates of destruction. Our platform guides you through exactly what is needed.

  • Yes. The readiness review is a fixed-fee standalone engagement. If you proceed to formal assessment, the readiness review findings inform the assessment scope, removing duplication.

  • Yes. Securlab is listed on the NCSC website as a Cyber Resilience Test Facility. Our assessment output is produced against the NCSC's published Assurance Principles and Claims for sanitisation which is the same standard your regulated clients are requiring.