

SMB1001:2025
Cyber Security Certification for SMBs
Our approach to implementing the SMB1001:2025 standard is not only efficient but also cost-effective. With years of experience aligning businesses to ISO27001, a leading international framework for information security management, we bring proven strategies that streamline the integration of security practices. This allows us to simplify the process, offering affordable solutions that minimise disruption to daily operations.

The SMB1001:2025 standard is designed to help small and medium-sized businesses (SMBs) enhance their cybersecurity posture. Developed and updated annually by Cyber Security Certification Australia (CSCAU), the standard aims to provide a comprehensive, scalable approach to securing digital assets against evolving threats. By offering a multi-tiered certification model, ranging from Bronze to Diamond, SMBs can select a level that aligns with their current cybersecurity maturity and operational needs. The standard also incorporates global best practices, aligning with frameworks like the Australian Essential Eight, UK Cyber Essentials, and the US Cybersecurity Maturity Model Certification (CMMC).

SMB1001:2025 was created to align with ASD’s Essential Eight while incorporating modifications to better serve small and medium-sized businesses (SMBs). The Essential Eight emphasises eight technical controls aimed at safeguarding an organisation’s IT network. As a complementary standard promoting the adoption of the Essential Eight, SMB1001:2025 takes a wider perspective, acknowledging the significance of cyber security culture and policies, given that not all SMBs may possess the necessary computer network architecture for the Essential Eight.
SMB1001:2025 adopts a complementary approach to how maturity is integrated into the standard and guidelines. In the Essential Eight, advancing through the four maturity levels results in a corresponding increase in maturity for each of the eight controls. In contrast, SMB1001:2025 allows for a gradual enhancement of maturity by adding new controls or elevating the maturity of specific ones.
By not mandating uniform maturity across all controls at each level, SMB1001:2025 acknowledges that achieving equal maturity for all controls may not be practical or applicable for SMBs. For example, multi-factor authentication (MFA) is introduced at Level 2 (Silver), with more advanced MFA options provided as the organisation moves to higher levels. Conversely, ‘routinely changing passwords’ is introduced at Level 1 (Bronze) without further maturity enhancements in subsequent levels, recognising that some controls may be matured further by an SMB while others may not require additional development.
At the core of our mission is empowering businesses to achieve the cybersecurity standards laid out in the SMB1001:2025 version 2.0 framework. This standard, updated annually to reflect the fast-paced changes in the cybersecurity landscape, provides a clear pathway for businesses to improve their digital resilience. Here’s an overview of how we guide our partners through the certification process:
Tiered Certification
We provide flexible, multi-tiered certification levels (Bronze, Silver, Gold, Platinum, Diamond), allowing businesses to start at a level that matches their current cybersecurity posture and grow over time. This is also a healthy path forward if your organisation wishes to align with any additional security frameworks such as the ISO27001:2022 standard.
Implementation Support
Our team offers hands-on guidance throughout the journey to certification, assisting in the integration of cybersecurity measures across various levels of the standard.
Alignment with International Standards
The SMB1001:2025 standard aligns with global cybersecurity frameworks such as the Essential Eight, UK Cyber Essentials, and the US Cybersecurity Maturity Model, ensuring that your business’s information security practices are compliant.
Focus on SMBs
We recognise the unique challenges faced by small and medium-sized businesses, including limited resources and technical expertise. Our solutions are designed to be affordable and scalable to meet these needs.
Annual Updates
The threat landscape is constantly evolving. The SMB1001:2025 standard is updated annually to stay ahead of emerging cyber threats. We provide continuous support to ensure that businesses remain compliant with the latest updates.
Streamlined Documentation
We simplify the often complex process of documentation and compliance reporting, making it easier for SMBs to manage and maintain their certifications.
Post-certification Support
Once certified, businesses benefit from ongoing support, including training, system updates, and regular reviews to ensure continued compliance and security.
The Certification
SMB1001:2025 FAQs
What is SMB1001:2025?
SMB1001:2025 is a cybersecurity standard designed specifically for small and medium-sized businesses (SMBs) to enhance their security posture while aligning with the Australian Cyber Security Centre’s (ACSC) Essential Eight framework.
How does SMB1001:2025 differ from the Essential Eight?
While the Essential Eight focuses on eight specific technical controls and requires uniform maturity across all controls, SMB1001:2025 provides a more flexible approach, allowing organisations to enhance maturity at their own pace and prioritise controls relevant to their specific needs.
Who should implement SMB1001:2025?
SMB1001:2025 is intended for small and medium-sized businesses that may not have the same resources as larger organisations but still need to establish a robust cybersecurity framework.
What types of controls are included in SMB1001:2025?
The standard includes a range of controls focused on both technical measures (like multi-factor authentication) and organisational practices (like cybersecurity policies and culture) to support comprehensive cybersecurity.
What if my business cannot meet all the controls?
SMB1001:2025 recognises that not all controls may be relevant or feasible for every SMB. Organisations are encouraged to prioritise controls based on their specific context and capabilities.
What are the main areas covered by SMB1001:2025?
SMB1001:2025 covers five key areas:
- Technology Management
- Access Management
- Backup & Recovery
- Policies and Processes
- Education & Training
How many levels are there in SMB1001:2025?
There are five levels in the SMB1001:2025 certification:
- Level 1 (Bronze)
- Level 2 (Silver)
- Level 3 (Gold)
- Level 4 (Platinum)
- Level 5 (Diamond)
Each level has specific requirements that help organisations progressively improve their cyber security posture.
What is the certification process for SMB1001:2025 for an SMB?
SMB1001:2025 can be used to certify an SMB. An SMB can choose its certification level and does not need to complete all levels.
After implementing the requirements for the specified level, the SMB needs to attest that the requirements are implemented.
Levels 1 to 3 (Bronze, Silver and Gold) require only a self-attestation by the SMB’s owner or director. For Platinum and Diamond, additional third-party verification is required for the certification.
Once the SMB has completed and received their certification, they are able to share their certification with their broader supply network as badges or certificates.
This provides evidence that the SMB has implemented the required cyber security controls. They will only need to complete the certification once to share with their broader supply network.
The SMB will need to repeat the certification annually.
What are the benefits of getting SMB1001:2025 certified?
- Improved cyber security practices and protection against cyber threats and scams
- Competitive advantage when bidding for contracts that will require a cyber security certification
- Better preparedness for complying with other more complex cyber security frameworks and regulations
- Increased customer and partner confidence
Contact us
Level 7, 115 King William Street, Adelaide SA 5000