Independent SMB1001 advisory

Get certified in SMB1001. Without the overwhelm.

Practical advice for Australian small and medium businesses navigating the SMB1001:2026 cybersecurity certification, from gap assessment to certification day, and every annual update after.


Five tiers. Start where you are.

SMB1001:2026 is a multi-tiered cybersecurity certification published by Dynamic Standards International. Each tier builds on the last across five domains: technology, access, backup, policy, and training.

Level 1

Bronze

Sole traders and businesses with fewer than 20 staff, taking the first steps on cyber hygiene.
7 controls · self-attested
Level 2

Silver

Growing teams of 20–99 staff, formalising policies and procedures.
17 controls · self-attested
Level 3

Gold

100–249 staff. Proactive cyber risk management across the organisation.
27 controls · self-attested
Level 4

Platinum

250–499 staff, with formal SLAs and extended technical scope.
32 controls · independently verified
Level 5

Diamond

Mature organisations of 500+ staff, with governance, Managed Detection and Response, and penetration testing.
39 controls · independently verified

Recommended starting tiers are guidance only. Your appropriate tier depends on your industry, data sensitivity, regulatory requirements, and risk tolerance.

Procurement teams now ask for it. Insurers now expect it. SMB1001 makes the answer pragmatic.

Australian SMBs are increasingly being asked to prove their cybersecurity posture: in tenders, in supplier reviews, in cyber insurance renewals. The traditional answer was ISO/IEC 27001, but its full management-system requirements are out of reach for most businesses under 250 staff.

SMB1001 was built for this gap. A tiered, annually-updated standard that lets a six-person trades business start at Bronze and a 200-person professional services firm credibly demonstrate Gold maturity, without the six-figure spend of a full ISO programme.

Three ways to engage.

Independent, vendor-neutral advisory. We don’t sell the technology you implement. We help you choose, scope, and prove it.

01

Gap Assessment

A focused 90-minute discovery plus a written report against the SMB1001 controls relevant to your size and industry. You leave knowing which tier is realistic, where the gaps are, and what the work looks like.

Fixed scope · 2–3 week turnaround · Deliverable: tier-fit report
02

Certification Roadmap

A phased plan to take you from where you are to your target tier: sequenced across the five SMB1001 domains, costed, and aligned to your business cycle. Includes a Dynamic Standard Certifier (DSC) shortlist.

Fixed scope · 4–6 weeks · Deliverable: 3–12 month roadmap
03

Ongoing Advisory

A quarterly retainer covering control reviews, annual standard updates, re-certification preparation, and direct access for incident-response advice. Your part-time cyber advisor without the salary.

Monthly retainer · Quarterly reviews · Email and phone access
Free download

Which tier are you actually at?

The SMB1001 self-assessment checklist. 35 plain-English questions across the five domains. Score your business against the standard in under 30 minutes.

  • One page per domain, with reference to the official control numbers.
  • Realistic tier recommendation based on your score.
  • A short list of the highest-leverage gaps to close first.

Let’s figure out your starting tier.

Tell us a bit about your business and what’s prompting the conversation. We’ll respond within one business day.
