Cybercraft
← Back to In a Box services In a Box Β· One-Time

A recognised cybersecurity credential your clients and insurers will actually know.

SMB1001 is the Australian Cyber Security Centre's certification framework designed for small and medium businesses. Bronze is achievable in weeks β€” and gives you documented proof of your security posture.

What is SMB1001?

SMB1001 (Small and Medium Business 1001) is the ASD's cybersecurity certification framework built specifically for businesses that don't have the resources for full ISO 27001 implementation. It has three tiers β€” Bronze, Silver, and Gold β€” each representing a progressively higher level of security maturity.

Bronze is the entry level. It covers 12 fundamental controls across areas like access management, patching, backups, and secure configuration. For most SMEs, Bronze is achievable within a few weeks with the right guidance β€” and produces a verifiable certification you can present to clients, insurers, and government procurement teams.

Unlike generic security checklists, SMB1001 certification is verifiable and ASD-endorsed. It sits alongside Cyber Essentials and Essential Eight as an evidence-based credential the AU market recognises.

SMB1001 certification tiers

Bronze

12 fundamental controls. Achievable in weeks. Our starting point for most SMEs.

Silver

Builds on Bronze with additional controls. Typically 2–3 months for a prepared organisation.

Gold

Advanced controls and third-party assessment. Appropriate for organisations in high-risk sectors or government supply chains.

Deliverables

  • Gap assessment against SMB1001 Bronze controls
  • Remediation plan with prioritised actions for your MSP
  • Policy and documentation support for required controls
  • Readiness verification before certification submission
  • SMB1001 Bronze certification (via ASD-approved assessor process)
  • Evidence pack suitable for client and insurer review
  • Roadmap to Silver (if desired)

Business benefits

  • Verifiable, ASD-recognised credential β€” not a self-reported checklist
  • Differentiator when competing for contracts with security-conscious clients
  • Demonstrates security maturity to insurers β€” can support cyber insurance applications
  • Satisfies supply chain security requirements from enterprise and government clients
  • Foundation for ongoing security improvement toward Silver and Gold

Engagement process

Gap assessmentWe assess your current posture against all 12 SMB1001 Bronze controls and identify exactly what needs to change.
Remediation planPrioritised list of actions for you and your MSP. We identify quick wins and flag anything that requires more time or investment.
DocumentationPolicies and evidence documentation prepared for any controls that require written procedures or records.
Readiness checkWe verify all controls are in place and evidence is complete before you submit for certification.
CertificationCertification submitted via the ASD-approved process. You receive your SMB1001 Bronze credential and evidence pack.
See where you stand

Where to next?

πŸ“‹
Client-Ready Security Turn your SMB1001 credential into completed security questionnaire responses.
πŸ”Ž
Security Health Check Run quarterly to show your score trending upward β€” useful evidence for insurers and clients alike.
πŸ†
ISO 27001 Formal ISMS and internationally recognised certification for clients who need it.

See how this fits: Starting from scratch Β· Client & supply chain path

How far from SMB1001 Bronze are you right now?

A gap assessment takes a few hours and gives you a clear list of what needs to change. Most organisations are closer than they think.

Get your gap assessment

Kaurna Acknowledgement

We acknowledge and pay our respects to the Kaurna people, the traditional custodians of the ancestral lands on which we work. We acknowledge the deep feelings of attachment and relationship of the Kaurna people to country and we respect and value their past, present and ongoing connection to the land and cultural beliefs.