SMB1001 Cyber Security Certification
Australia’s cyber security certification built specifically for small and medium businesses. We are an official CyberCert Certification Partner and SMB1001 Gold certified ourselves. We guide you from assessment through to certification at any level.
Start Your Certification or call 1300 619 750
A Cyber Security Certification Designed for Businesses Like Yours
SMB1001 is a multi-tiered cyber security certification developed by Dynamic Standards International and delivered through CyberCert. Unlike enterprise frameworks such as ISO 27001, SMB1001 was built specifically for small and medium businesses with 5 to 200 staff. It provides a clear, affordable, and practical path to proving your cyber security posture to clients, partners, insurers, and regulators.
The standard uses five certification tiers (Bronze through Diamond), each building on the last. You start at the level that matches your current capability and progress as your business grows. The standard is updated annually to keep pace with evolving threats. The current version is SMB1001:2026.
Why Businesses Need It
Clients and supply chain partners are increasingly asking suppliers to prove their cyber security posture. Cyber insurers are tightening requirements. Government agencies and large enterprises now expect certification from vendors. SMB1001 gives you independent, verifiable proof that your business takes security seriously.
How It Connects to Other Frameworks
SMB1001 aligns with the Australian Essential Eight, UK Cyber Essentials, and the US CMMC framework. It also serves as a practical stepping stone toward ISO 27001 certification. Many of the controls overlap, so achieving SMB1001 Gold puts you in a strong position for broader compliance down the track.
Five Tiers of Increasing Maturity
Each SMB1001 level builds on the one before it. You do not need to start at Gold. Most businesses begin at Bronze or Silver and work their way up. We help you identify the right starting point and create a roadmap to your target level.

Bronze: Foundational Security
Essential controls for businesses just starting out with cyber security.
- Engage a technical support specialist
- Install and configure a firewall
- Install antivirus on all devices
- Automated software patching
- Strong password hygiene
- Backup and recovery strategy
- Staff cyber security awareness training

Silver: Establishing Baselines
Formalises cyber practices with access controls and email security.
Everything in Bronze, plus:
- TLS certificates on all public websites
- Server patching and updates
- Remove admin privileges from staff accounts
- Individual user accounts for all employees
- Password manager system
- MFA on all email accounts
- Email authentication and anti-spoofing
- Confidentiality agreements for staff and contractors
- Invoice fraud management policy
- Visitor register

Gold: Risk-Based Maturity
Advanced monitoring, governance, and incident response. This is where most compliance-driven businesses should aim.
Everything in Silver, plus:
- Endpoint Detection and Response (EDR/MDR)
- MFA on all business apps and social media
- RDP only over VPN connections
- Cyber insurance maintained
- Formal cyber security policy
- Cyber incident response plan
- Secure physical document destruction
- Secure device disposal
- Digital asset register
- AI acceptable use policy
SMB1001:2026 also includes Platinum (Level 4) and Diamond (Level 5) tiers for businesses requiring enhanced governance, external assurance, and maximum maturity. These higher tiers are relevant for businesses in defence supply chains, critical infrastructure, or those progressing toward ISO 27001. We can advise on whether Platinum or Diamond is appropriate for your business.
Why Get Certified Through Us
We Hold SMB1001 Gold Ourselves
We are not just advising on certification. We have gone through the process ourselves and hold SMB1001 Gold certification. We practise what we recommend and understand the requirements from first-hand experience.
Official CyberCert Certification Partner
We are an authorised CyberCert partner. That means we can guide you through the entire certification process end to end: assessment, technical implementation, documentation, evidence collection, and certification submission.
We Implement, Not Just Advise
Many consultants hand you a gap report and leave. We implement the actual technical controls your business needs: MFA, EDR, patching, application control, email security, privileged access management, backups, and monitoring. You get compliance that is real, not just on paper.
Ongoing Compliance Management
SMB1001 certification requires annual renewal. The standard is updated every year. We maintain your compliance posture, update your policies, and ensure you are ready for recertification without a last-minute scramble.
How We Get You Certified
Readiness Assessment
We audit your current security posture against SMB1001 requirements at your target level. This identifies what you already have in place, what gaps need closing, and roughly how long certification will take. The assessment is free.
Remediation and Implementation
We deploy the technical controls required for your target tier: endpoint protection, EDR, MFA, email authentication, patching, access controls, backups, and monitoring. We also develop the required policies and documentation (cyber security policy, incident response plan, AI acceptable use policy, etc.).
Evidence Collection
We compile the evidence required for certification: screenshots, configuration reports, policy documents, training records, and compliance logs. This is the part most businesses find tedious. We handle it for you.
Certification Submission
We submit your certification application through CyberCert with all required evidence. Certification at Bronze, Silver, and Gold levels is based on director attestation. Once approved, you receive your SMB1001 certificate and digital badge.
Ongoing Maintenance
SMB1001 is not a set-and-forget certification. The standard updates annually and your controls need to remain active. We monitor your compliance posture, update your documentation as the standard evolves, and ensure you are ready for annual recertification.
What SMB1001 Certification Does for Your Business
Who SMB1001 Certification Is Designed For
- Businesses with 5 to 200 employees looking for an affordable, practical cyber security certification
- Companies that have been asked by clients or supply chain partners to demonstrate their security posture
- Businesses applying for cyber insurance and needing to demonstrate security controls
- Organisations in healthcare, legal, finance, construction, or government supply chains with compliance obligations
- Businesses that find ISO 27001 too complex or expensive for their current size but still need formal certification
- Companies that want to use certification as a competitive differentiator when bidding for work
- Directors who need to demonstrate due diligence on cyber security to stakeholders
SEQ IT Services holds SMB1001 Gold certification and is an official CyberCert Certification Partner. We have been through the process ourselves and understand what is involved at every level. With over 20 years of experience supporting businesses across South East Queensland, we make certification achievable, practical, and genuinely beneficial for your business.
Frequently Asked Questions
What is the difference between SMB1001 and ISO 27001?
ISO 27001 is an international standard for information security management systems. It is comprehensive, expensive, and designed primarily for larger organisations. SMB1001 was built specifically for small and medium businesses. It is more affordable, more practical, and uses a tiered approach so you can start small and progress over time. Many of the controls overlap, so SMB1001 is an excellent stepping stone toward ISO 27001 if that is your longer-term goal.
Which level should we aim for?
It depends on your industry, your clients, and your risk profile. Bronze is the starting point for businesses with basic security in place. Silver suits businesses that want to formalise their controls with MFA and email security. Gold is where most compliance-driven businesses should aim, especially those in regulated industries, handling sensitive data, or needing to satisfy supply chain requirements. We assess your situation and recommend the right target level.
How long does certification take?
Bronze can often be achieved within 2 to 4 weeks for businesses that already have basic controls in place. Silver typically takes 4 to 6 weeks. Gold takes 6 to 12 weeks depending on how much remediation is needed. We provide a clear timeline after the initial assessment.
Does SMB1001 help with cyber insurance?
Yes. SMB1001 certification demonstrates to insurers that your business has specific security controls in place. Many of the controls required for Gold certification (MFA, EDR, patching, backups, incident response planning, privileged access management) are exactly what insurers look for. Certification can help you secure better terms, lower premiums, and avoid coverage disputes.
Is SMB1001 recognised outside Australia?
Yes. SMB1001 is developed by Dynamic Standards International and aligns with international frameworks including UK Cyber Essentials and US CMMC. Certification is available globally from 2025. The standard is increasingly recognised by enterprises, governments, and insurers across Australia, New Zealand, and internationally.
What happens after we are certified?
SMB1001 certification is valid for one year. The standard is updated annually, so recertification ensures your controls remain current. We maintain your compliance posture throughout the year, update documentation as the standard evolves, and manage the recertification process so you do not need to worry about it lapsing.
Can we display our certification?
Yes. Once certified, you receive a digital badge and certificate from CyberCert that you can display on your website, in proposals, in email signatures, and in tender responses. This is one of the most valuable aspects of certification: visible, verifiable proof of your security posture that clients and partners can trust.
What does this cost?
Certification costs depend on your target level and how much remediation is required. For businesses already on our managed IT or managed security plans, many of the technical controls are already in place, which reduces the project scope significantly. The initial readiness assessment is free.
