A practical, cost-effective, and scalable cybersecurity standard designed specifically for small and medium-sized businesses. Build your security maturity from Bronze to Gold tier.
SMB1001 is a multi-tiered cybersecurity certification standard comprising five tiers that support organizations in their journey of developing their cybersecurity hygiene from Bronze to Gold tier.
This standard provides organizations of any sector with guidance for developing their cybersecurity hygiene, with particular awareness of small and medium-sized businesses and their unique needs and resources.
Meeting the highest tier of SMB1001 indicates that an organization has implemented good cybersecurity measures. Adopting SMB1001 supports organizations in their path towards meeting ISO/IEC 27001 requirements while managing the likelihood and impact of potential cyber threats.
Progressive levels allow you to start where you are and build cybersecurity maturity at your own pace.
Basic preventive controls including firewalls, antivirus, software updates, and password management.
Advanced preventive measures with additional layers of protection against sophisticated threats.
Holistic risk management approach addressing people, processes, and technology in a coordinated manner.
Advanced governance procedures with formal rules and policies for managing cybersecurity.
Mature cybersecurity program with best practices in risk management and governance.
Based on a 'People, Process, Technology' approach to managing cyber risk.
Overseeing and securing all technology assets including hardware, software, and networks with up-to-date systems and proper security configurations.
Ensuring only authorized personnel access sensitive data and systems through strong passwords, multi-factor authentication, and activity monitoring.
Regular backups of critical data and recovery plans to restore systems after cyber incidents, minimizing downtime and data loss.
Clear cybersecurity policies and contingency plans defining how to manage risks, respond to incidents, and protect sensitive information.
Ongoing cybersecurity training ensuring employees understand threats and best practices, creating a strong human line of defense.
Start at the appropriate level based on your current cybersecurity needs and grow at a pace that fits your resources and capabilities.
Unlike enterprise-focused standards like ISO/IEC 27001, SMB1001 is designed specifically for small and medium businesses with realistic costs and resource requirements.
Updated annually by industry experts to stay aligned with the ever-changing cyber threat landscape, unlike many standards that update infrequently.
Demonstrate your cybersecurity maturity to clients, partners, and procurement processes. Gain a competitive advantage when bidding for contracts.
Contact our team to discuss how we can help you achieve SMB1001 certification