A tiered, prescriptive, and affordable cybersecurity dynamic standard which gets updated annually.
Global Acceptance
SMB1001 is a global standard and is updated annually - keeping up with the latest changes in technology.
Scalable Compliance
Made up of 5 tiers of compliance, you choose your path, timelines and costings to reach each level.
Affordable Solution
Pay for each tier separately - so you decide what to spend, and when to spend it.
Managed Service
Need some help? We offer managed services to help you at each stage so you are never left on your own.
Why was SMB1001 created
Cybersecurity isn’t just nice to have—it’s a must, even for small and medium-sized businesses (SMBs).
SMBs often need a flexible way to improve their cybersecurity without starting from scratch each time. That’s why SMB1001 was developed - a practical, scalable way to build up their cybersecurity over time.
Most existing standards, like ISO/IEC 27001, require a full-blown cybersecurity or information security system, which can be expensive and time-consuming—something many SMBs can’t afford.
What SMB1001:2025 Offers
SMB1001:2025 is a step-by-step cybersecurity certification with five levels, each one building on the last and getting more advanced.
This tiered system lets businesses start at a level that fits their current situation. They don’t have to go through all five levels unless they want to—giving them the freedom to improve at their own pace.
Certification Requirement |
 $95
Bronze
|
 $195
Silver
|
 $395
Gold
|
||
|---|---|---|---|---|---|
| Engage a technical specialist |  |
|
|
||
| install and configure a firewall | |
|
|
||
| Install anti-virus software | |
|
|
||
| Automatically update & patch all devices | |
|
|
||
| Enforcement of complex passwords | |
|
|
||
| Develop backup and recovery strategy | |
|
|
||
| Install TLS certificates on all public websites | |
|
|||
| Management of admin privileges | |
|
|||
| Mandate individual user accounts | |
|
|||
| Implement password management | |
|
|||
| MFA on all email accounts | |
|
|||
| Confidentiality agreement for all employees | |
|
|||
| Implement invoice fraud prevention | |
|
|||
| Establishment of a visitor register | |
|
|||
| Server patch management | |
||||
| MFA on all business apps and social media accounts | |
||||
| RDP only takes place under VPN control | |
||||
| Implement cybersecurity policy | |
||||
| Incident response plan | |
||||
| Secure method for secure document destruction | |
||||
| Implement digital asset register | |
||||
| Disposal process for all decommissioned devices | |
||||
| Cybersecurity awaresness training for all staff | |
Ready to get started?
Our Focus Industries
Our Team.
Work with experienced professionals, not chatbots.
We know you want the best advices, service and support, so we bring our global and multi-industry experience direct to your business. No chatbots, no junior staff, you work directly with the experts.
Benjii Creevey
Thomas Schultz
Ben Shapira
Michael Brooks
Jason Durrant
Steve Duckworth