...
Digital Asset Register, and secure destruction, it wasn't that I was not doing it, it was that I was overdoing it. I am on the hoarderish side of redundancy. I had three backup Android devices, two backup laptops, etc. So it was the case of getting to one good known backup device for Windows and Android, then wipe and securely dispose of the others.
Explore
Our flagship Dynamic Standard SMB1001
Multi-tiered cyber security certification standard for small and medium-sized businesses.
A simpler way to ISO/IEC 27001.
No one starts with a black belt. As the 'coloured belts' before the black belt, SMBs can start at their level of maturity and work towards their black belt.
Abstract
SMB1001 is a multi-tiered cyber security certification standard. This standard comprises five tiers that support an organisation in their journey of developing their cyber security hygiene from Bronze to Gold tier.
SMB1001 provides organisations of any sector with guidance for developing their cyber security hygiene. This standard has a particular awareness of small and medium-sized businesses with their needs and resources being considered in the development of SMB1001.
Meeting the highest tier of SMB1001 indicates that an organisation has implemented good cyber security measures.
Adopting SMB1001 supports organisations in their path towards meeting ISO/IEC 27001 requirements. It also supports organisations in managing the likelihood and impact of potential cyber threats.
Release
2023, 2025
General Information
Status:
Published
Publication Date:
2024-09-01
Edition:
2
Number of pages:
32
Certification Issuer:
Delve deeper into the details of SMB1001
Principles of SMB1001
To ensure SMB1001 remains relevant for SMBs, we have five principles that must be maintained in any future versions of SMB1001.
Backwards compatible
Preservation of 5-level structure
Easy to understand language
Appropriate prescriptions for each level’s SMB profile
Sector agnostic
Specific sectors can provide additional guidance alongside SMB1001 if it's required.
The logos used are trademarks of their respective owners.
Promoting uptake and adoption of Essential 8 and many other frameworks.
SMB1001 has been mapped to and aligns with existing guidelines, frameworks, and standards (see Working Group), such as the Australian Signals Directorate's Essential Eight.
This means that SMBs who begin working towards complying with SMB1001 will also be starting their journey towards complying with the mapped guidelines, frameworks, and standards.
Steering Committee
Our committee actively participates in the drafting and review process, collaborating with the community and experts from the Standards and Certification Oversight Board (SCOB). Their collective efforts enable the timely publication and regular updates of Dynamic Standards.
Updates on our Steering Committee
Sep 1, 2023
SMB1001:2023 has been published.
Sep 1, 2024
SMB1001:2025 has been published.
September 1, 2023
SMB1001:2023 has been first published.
October, 2023
First revision of 2023 edition by Steering Committee / Call for feedback.
February, 2024
Feedback reviewed by Steering Committee.
May, 2024
Feedback reviewed by Steering Committee / Final call for feedback / Approved to progress to Draft.
July, 2024
Draft presented to Steering Committee.
August, 2024
Draft approved by Steering Committee / Draft approved by SCOB for release.
September 2024
SMB1001:2025 Released.
...
Annual Publication Timeline
To keep pace with cyber threats, we update our dynamic standard annually so that businesses can certify or "vaccinate" against the latest threats.
The genesis and process of creating a Dynamic Standard is guided by an Industry Steering Committee.
A draft of a standard will undergo a period of development by the Steering Committee, and several iterations of review by the community and experts from the Standards and Certification Oversight Board (SCOB), before final publication within a year.
CSCAU provides secretariat and publication support.
This process repeats annually with Steering Committees reviewing and updating the respective published Dynamic Standards.
The quicker pace of this process overcomes the relatively slower pace and bureaucracy of traditional standards development processes at national levels (close to 3 years) and at international levels (e.g., ISO) (close to 6 years) – empowering certified organisations with the best strategies to prevent cyber attacks relative to the latest threat types.
Understanding SMB1001 Controls
People. Process. Technology.
CSCAU’s cyber security certifications are based on a ‘People, Process, Technology’ approach to managing cyber risk and cover five (5) core areas of focus.
Each of these areas is developed considering the common elements in existing cyber security guidelines and recommendations. These areas and their supporting controls also address common gaps and the “essential” controls recognised in existing industry surveys.
Technology Management
Access Management
Backup & Recovery
Policies, Plans & Procedures
Education & Training
Certification Requirements
Costs
Here’s what I paid for over and above regular email and cloud services.
For SMB1001 Gold
Assuredly Starter Plan $990/year
SMB1001 Gold Certification $395/year
Backup - Email and Cloud Apps $115/yr
Secure Document Destruction $82
I was already paying for:
SSL Certificate $69/yr
1Password $75/yr
Backup - Files $150/yr
Additional Microsoft M365 Licence
Additional Google Workspace Licence
Additional Security tools:
Email and Web Security Monitoring $330/yr
Website Monitoring $168/yr