What Is SMB1001 Certification?
SMB1001 is a cybersecurity certification framework designed specifically for small and medium-sized businesses, providing a practical, tiered approach to improving cyber resilience and demonstrating security maturity.
Created by CyberCert
Built for Small & Medium Businesses
Aligned with Australian Cybersecurity Standard
Practical, Achievable Security Controls
Understanding the SMB1001 Tier Framework
Organisations can work towards different certification levels based on the cybersecurity controls, processes, and practices implemented across their environment.
Bronze
Bronze focuses on basic cybersecurity controls that every small business should have in place. This usually includes essentials such as reliable IT support, antivirus or endpoint protection, firewall protection, automatic updates, secure passwords, and basic data backups. It is best suited for businesses starting their cybersecurity improvement journey.
Silver
Silver builds on Bronze by improving how security controls are managed and maintained. At this tier, businesses typically need stronger access control, better device management, more consistent patching, improved backup practices, and clearer internal security processes. It is suitable for businesses that already have basic protections but need more structure.
Gold
Gold represents a more complete and reliable cybersecurity posture for small and medium businesses. It usually includes stronger governance, documented security processes, vulnerability management, employee awareness, incident response planning, and more consistent risk management. This is often a practical target tier for businesses that need to demonstrate stronger security assurance.
Platinum
Platinum is for organisations that need a higher level of security confidence. This tier goes beyond internal controls and usually involves more advanced measures such as tested incident response, disaster recovery planning, stronger monitoring, and independent external audit requirements. It is suited for businesses with higher risk exposure or stronger customer, compliance, or supply chain expectations.
Diamond
Diamond is the highest SMB1001 tier and is designed for organisations with advanced cybersecurity maturity. It demonstrates that cybersecurity is not only implemented, but continuously managed, reviewed, tested, and improved. This tier is most relevant for businesses operating in high-trust, sensitive, regulated, or security-conscious environments.
Start Your Free SMB1001 Certification Readiness Assessment
Identity & Access
Endpoint Security
Email & User Security
Data Protection
Vulnerability Management
Governance & Response
Preparing for an SMB1001 Assessment
Complete the readiness checklist.
Identify security gaps.
Prioritise improvements.
Implement recommended security controls.
Complete your SMB1001 assessment.
How Redscale Helps Businesses Prepare for SMB1001
Gap Assessment
Vulnerability Management
Managed Security Services
Compliance Support
Security Testing and Validation
User Security and Awareness
Access and Data Protection
Frequently Asked Questions
What is SMB1001?
SMB1001 is a cybersecurity certification framework designed specifically for small and medium-sized businesses. It provides a practical, tiered approach to improving cybersecurity through recognised security controls and best practices. By working towards SMB1001, organisations can strengthen their cyber resilience while demonstrating their commitment to protecting business and customer information.
What is an SMB1001 readiness checklist?
An SMB1001 readiness checklist is a self-assessment tool that helps businesses evaluate whether they have the foundational cybersecurity controls expected before pursuing SMB1001 certification. It covers key areas such as identity and access management, endpoint security, data protection, vulnerability management, and governance, helping organisations identify strengths and areas for improvement.
Is this checklist an official SMB1001 assessment?
This checklist is an educational self-assessment designed to help organisations understand their current level of cybersecurity readiness. It does not replace an official SMB1001 assessment or certification process, nor does completing it guarantee certification.
How many controls should my organisation have before an assessment?
There is no minimum number of controls required before beginning an SMB1001 assessment. However, organisations that have implemented most of the foundational security controls in this checklist are generally better prepared for the assessment process. Any identified gaps can be addressed before seeking certification.
What happens if we identify security gaps?
Identifying security gaps is a valuable outcome of the readiness process. It allows your organisation to prioritise improvements, strengthen cybersecurity practices, and reduce risks before pursuing SMB1001 certification. Addressing these gaps early can also make the formal assessment process more efficient.
How often should businesses review their readiness?
Cybersecurity should be reviewed on an ongoing basis rather than as a one-time activity. As a general guide, businesses should reassess their SMB1001 readiness at least annually or whenever significant changes occur, such as adopting new technologies, expanding operations, or responding to emerging cyber threats.
Can Redscale help us prepare for SMB1001?
Redscale helps organisations prepare for SMB1001 by assessing their current cybersecurity posture, identifying gaps against SMB1001 requirements, and recommending practical improvements. Our team can also support the implementation of key security controls, including managed security services, vulnerability management, security awareness training, and other cybersecurity measures that strengthen your overall readiness for certification.
