SMB1001 is a purpose-built cyber security certification designed specifically for small and medium-sized businesses (SMBs). Unlike complex frameworks such as ISO 27001, SMB1001 offers a practical, affordable, and scalable approach to cyber security, making it accessible even for organizations without dedicated IT teams or large budgets.

- Recognizes the unique challenges faced by smaller organizations, including limited resources and expertise.
- Provides a lower-cost alternative to enterprise-level certifications, helping businesses achieve compliance without breaking the bank.
- Certification demonstrates a commitment to security, which can reassure clients, partners, and regulators.
- Uses a tiered certification model, allowing businesses to start with basic protections and gradually enhance their security as they grow.

| Level | Focus | Key Requirements | Verification |
|---|---|---|---|
| Bronze | Baseline protection | IT support, firewalls, antivirus, auto-updates, backup/recovery, password policies | Director attestation |
| Silver | Access and scam prevention | MFA on emails, TLS for websites, password managers, no shared logins, confidentiality agreements | Director attestation |
| Gold | Advanced controls | Asset registers, secure device disposal, cyber security policy, incident response plan, training | Third-party audit |
| Platinum | Enhanced resilience | Advanced monitoring, regular vulnerability assessments, business continuity planning | Third-party audit |
| Diamond | Highest standard | Continuous improvement, alignment with global frameworks, leadership in cyber security | Third-party audit |
Each level builds upon the previous, so businesses can progress at a pace that matches their growth and risk profile.
Every control in the SMB1001 framework fits into one of these core areas:

- Technology Management: Firewalls, antivirus, patch management, secure configurations.
- Access Management: MFA, individual logins, strict admin rights.
- Backup and Recovery: Regular data backups, tested recovery plans.
- Policies and Processes: Written security policies, incident response, asset registers.
- Education and Training: Ongoing staff awareness and cyber security training.

- Reduces risk of data breaches, ransomware, and scams.
- Designed for non-technical staff and simple to roll out.
- Lays the groundwork for more advanced certifications like ISO/IEC 27001.
- Helps win contracts and build customer trust by demonstrating robust security practices.

- Expanded to Five Levels: Now includes Platinum and Diamond tiers for advanced organizations.
- Alignment with Global Standards: SMB1001 now aligns with frameworks like the ACSC Essential Eight, UK Cyber Essentials, and US CMMC.
- Annual Review: The standard is updated yearly to address emerging cyber threats and best practices.

Cybercrime is a growing threat, with Australian SMBs losing an average of $46,000 per incident in 2024. SMB1001 provides a clear, achievable, and affordable roadmap to protect your business, meet regulatory requirements, and build trust with your customers and partners.
By starting your journey today, you’ll not only strengthen your defences against cyber threats but also build trust with your customers and partners.