SMB1001
SMB1001 is a Standard against which businesses, particularly Small Businesses, can self-assess and self-attest their cybersecurity measures.
There are 3 base levels of SMB1001 that are based on self-attestation, and two higher levels that require external audit. This page focuses on the 3 base levels (Bronze, Silver and Gold) and the steps to achieving Gold. The tiered structure lets a business start with the absolute basics, like patching, firewalls, and anti-virus software, and then move up to the next level once it has that level's requirements in place. It is a step-by-step approach to becoming more focused on cybersecurity in the business.
The Standard covers different aspects of cybersecurity, including training, backup, incidents, policies and procedures, technology, passwords, etc.
Once the business has determined it has met the requirements for one of the 3 base levels, it can apply for, and pay for, Certification from CyberCert. Certification is a way to show that you and your business are committed to good cybersecurity practices, both in the business itself and in handling the data of your customers, clients, and other third parties.
There are also products like Assuredly, which has an app that helps businesses go through the steps to certification, and companies like Managed Service Providers who will step you through the process.
The Standard: https://cscau.com.au/standards
“SMB1001 provides organisations of any sector with guidance for developing their cyber security hygiene. This standard has a particular awareness of small and medium-sized businesses with their needs and resources being considered in the development of SMB1001.
Meeting the highest tier of SMB1001 indicates that an organisation has implemented good cyber security measures.”
The Certifier: https://www.cybercert.ai/en-au/
The Documentation: https://www.cybercert.ai/SMB1001-2023CPS.pdf
Certification like this should ideally be a confirmation of what your business is already doing to protect itself from cybersecurity threats.
I would love to see this certification, at the Gold Level, take the place of all the irrelevant questions you are asked in your annual cyber insurance renewal.