The CRTF Sanitisation Standard ensures that service providers can demonstrably and consistently sanitise or destroy data-bearing assets in a manner that mitigates the risk of data compromise. The certification provides customers, regulators, and partners with confidence that sanitisation activities meet stringent, independently verified security outcomes.

Scope of Certification

The service applies to organisations delivering:

• Physical destruction of data-bearing assets (e.g. shredding, crushing, degaussing)

• Logical sanitisation (e.g. secure wiping, cryptographic erasure)

• End-to-end handling of media, including collection, transport, processing, and disposal

• Supporting processes such as chain of custody, personnel security, and facility controls

SecurLab adopts a Principles-Based Sssurance (PBA) methodology aligned with NCSC guidance.

Rather than checklist compliance, the assessment evaluates whether the organisation’s controls effectively achieve defined security outcomes.

The certification process includes:

1. Application & Scoping – Definition of services, locations, and assets within scope

2. Document & Evidence Review – Assessment of policies, procedures, and control design

3. Assessment – Review of facilities, processes, and operational practices

4. Technical Validation – Verification of sanitisation methods and their effectiveness

5. Reporting & Certification Decision – Independent determination and issuance of certification

The evaluation is structured around key assurance principles, including:

• Secure handling and tracking of data-bearing assets

• Effectiveness and appropriateness of sanitisation techniques

• Integrity of the chain of custody

• Personnel trustworthiness and operational discipline

• Physical and environmental security of facilities

• Transparency and accuracy of customer reporting

Certified organisations receive:

• Formal CRTF Sanitisation Certification

• A detailed assessment report outlining findings and assurance outcomes

• Authorisation to be listed as a certified provider under the NCSC CRTF scheme (subject to NCSC processes)

• Replaces legacy CAS-S certification with a modern, NCSC-aligned standard

• Enhances market credibility and trust with government and enterprise customers

• Demonstrates independently validated security outcomes

• Supports compliance with regulatory and contractual data protection requirements

• Differentiates providers in a competitive sanitisation and disposal market

SecurLab combines deep expertise in cybersecurity assurance, ISO-aligned auditing, and NCSC frameworks to deliver rigorous, consistent, and commercially relevant certification services.

Our approach ensures not only compliance, but demonstrable security assurance that stands up to real-world scrutiny.

The NCSC CRTF Sanitisation Standard represents the next generation of data destruction assurance.

Securlab’s certification service enables providers to transition from legacy CAS-S accreditation to a more robust, outcome-focused model ensuring trust, security, and confidence in the handling of sensitive data at end-of-life