The National Cyber Security Centre (NCSC) has introduced a new UK assurance methodology focused on strengthening the cyber resilience of connected products and services. AMR CyberSecurity, Part of Infinum, is now one of only four organisations in the UK authorised to deliver this independent evaluation.
As cyber threats escalate, organisations need clear evidence that the technology they rely on can withstand real-world attacks. The NCSC’s Cyber Resilience Test Facility (CRTF) scheme provides that assurance through structured, independent testing against nationally defined standards.
A new benchmark for independent cyber assurance
Certified Cyber Resilience Test Facilities are authorised to assess connected products using the NCSC’s Principles-Based Assurance (PBA) methodology and its Assurance Principles & Claims (APCs).
In practical terms, this means we independently test how well a product resists cyber attacks through its public interfaces – the points most commonly targeted by threat actors. The outcome is evidence-based assurance that demonstrates real-world resilience, not just policy compliance.
For technology vendors, this provides a credible way to verify security claims and demonstrate alignment with recognised national standards to customers and stakeholders. For buyers, it delivers greater confidence when selecting products and managing supply chain risk.
A trusted position in a select group
CRTF status is awarded only to organisations that can demonstrate proven technical expertise, robust assessment processes, and operational independence.
With only four certified facilities in the UK, this recognition reinforces our position as a trusted authority in cyber resilience testing.
Our services now enable technology vendors to:
- Independently verify the cyber resilience of connected products and services
- Demonstrate alignment with the NCSC’s Assurance Principles & Claims
- Provide clear, structured evidence to customers, stakeholders, and regulators
- Identify and mitigate potential security risks before products reach the market
“Being one of only four certified Cyber Resilience Test Facilities in the UK is both a significant milestone and a strong endorsement of our technical capability and independence,” said Martin Walsham, Director at AMR CyberSecurity, Part of Infinum.
This certification reflects the depth of expertise within our team and our commitment to raising the standard of cyber resilience across the technology sector. We are proud to support vendors in demonstrating robust, evidence-based assurance that strengthens confidence throughout the supply chain.
MARTIN WALSHAM
DIRECTOR, AMR CYBERSECURITY,
PART OF INFINUM
Why Cyber Resilience Testing matters now
Cyber threats are evolving rapidly, and organisations can no longer rely solely on compliance statements or self-attestation. Independent, structured assurance strengthens supply chain confidence, supports informed procurement decisions, and promotes higher security standards across the UK market.
This certification marks an important step forward in our mission to enhance cyber resilience nationwide. As a certified CRTF, we look forward to working with vendors to build stronger, more secure connected products and contribute to a more resilient digital future.
If you would like to assess your product’s cyber resilience or understand your third-party cyber risk exposure, contact our senior consultants to learn how we can support you.