When organizations retire IT assets, decommission data centers, or refresh end-user fleets, the hardest part is not the removal of the hardware. The true challenge is proving that every storage device was sanitized or destroyed to a standard that assures security.
Achieving accreditation to the CAS-S data sanitization scheme from the UK National Cyber Security Centre (NCSC) provides that assurance. CAS-S accreditation confirms that an IT asset disposition provider’s processes, people, facilities, and evidence trail are assessed against a defined assurance framework.
SK tes’ two UK sites are accredited for CAS-S data sanitization, providing a clear message to stakeholders: The company provides government-approved data destruction services that meet internal risk, sovereignty, and regulatory requirements.
- Defining the UK NCSC and CAS-S
- Technical Coverage Under CAS-S
- Why CAS-S is a factor in 2026 planning cycles
- What CAS-S accreditation signals to buyers
Defining the UK NCSC and CAS-S
CAS-S is a certification program run by the NCSC, the UK government’s national technical authority for cyber threats and information assurance. In that role, it establishes guidance and assurance schemes for the public and private sector in how to defend against and respond to computer security threats. That includes what standards that ITAD providers should meet. The NCSC issues public CAS-S certificates that are valid for two years.
For an ITAD provider (such as SK tes) to receive CAS-S accreditation, NCSC evaluators scrutinize all aspects of the provider’s processes. That includes operational security matters from maintenance of secure chains of custody, to physical security at its sites, to hiring processes and staff screening.
Providers also must demonstrate that they meet physical standards on media destruction: Under the latest CAS-S standard, data storage media generally must be broken down to particles less than 2mm in size.
Technical Coverage Under CAS-S
SK tes received CAS-S accreditation for its two UK sites, at Cannock, West Midlands and Irvine, Scotland, for their secure on-site shredding service. That enables SK Tes to deliver secure data destruction and sanitization services for clients across the entire UK.
Specifically, ITAD providers with CAS-S accreditation are authorised to provide:
- Mobile (offsite) destruction services up to SECRET: Devices are destroyed at the client’s premises, ensuring sensitive information never leaves the organisation's custody.
- Onsite destruction services up to OFFICIAL: Secure destruction of data-bearing devices at a secure facility, suitable for highly sensitive data.
- Onsite and offsite sanitisation for reuse and up to OFFICIAL: Devices can be sanitised for secure reuse, either at client sites or at accredited facilities.
In combination, CAS-S accreditation means SK tes can provide clients with auditable, government-aligned device destruction and data sanitisation, with minimal disruption of operations.
Why CAS-S is a factor in 2026 planning cycles
Across the UK and Europe, organizations are managing three IT pressures at once:
- Faster refresh and decommissioning timelines
- Higher audit expectations for data protection and supply chain security
- More complex media types, especially solid-state storage
In practice, this means sanitization and destruction programs need to be repeatable and auditable at scale. Accreditation proves adherence to a standard, and helps reduce ambiguity when internal stakeholders ask, “How do we know the provider did what they said they did?” CAS-S data sanitization accreditation delivers what those stakeholders want: defined methods, disciplined execution, and reporting that can support internal audit and external inquiries.
What CAS-S accreditation signals to buyers
In one sense, CAS-S accreditation is a quality assurance mark, signifying how data is securely destroyed on storage devices that have handled government-classified or sensitive information. But it is not simply a marketing badge.
For procurement teams, security leaders, and compliance/risk owners, it signifies that the ITAD provider has been evaluated against an NCSC-established scheme, aligned with HMG Information Asset policy. It ensures a focus on secure destruction and sanitisation outcomes, including the auditability of those outcomes through witnessed destruction and certificates of destruction.
This matters because in today’s security environment, statements of good faith about data wiping are no longer sufficient. Data is both more valuable and more sensitive than ever, and organizations increasingly need a defensible chain of custody, clear methods by media type, and documentation that the method used matched the risk level and device characteristics.
Accreditation to the CAS-S data sanitization scheme means the organization’s ITAD partner can provide secure data destruction through offsite and on-site shredding, but also the proof of compliance that CIOs, CISOs and other decision-makers demand.
To learn more, contact the experts at SK tes: https://www.sktes.com/contact-us/sales
See how SK Tes can help you today
