Cyber security built for SMBs.
Prove it. Protect it.
SMB1001 is an Australian-aligned cyber security certification that gives small and medium businesses a practical path to stronger security and greater trust.
SMB1001 Certification Levels
Five progressive levels. Each level adds more controls and builds stronger protection.
Stronger Outcomes for Your Business
SMB1001 helps you meet requirements, protect your business, and build trust with partners.
Meet baseline security expectations from clients, insurers and industry standards with a structured, practical approach.
Learn more →Show partners and larger organisations that your business meets the security requirements needed to work with them.
Learn more →Be better prepared for cyber insurance by putting the controls in place insurers expect when assessing your business.
Learn more →A clear, achievable path to cyber security
SMB1001 is a tiered cyber security standard designed for small and medium businesses. It helps you manage risk, protect your data and operations, and demonstrate to customers, partners and insurers that you take security seriously.
C2PR is an authorised SMB1001 certification partner, delivering assessments up to Gold level.
SMB1001 vs Essential Eight Framework
Both improve cyber security, but they're built for different purposes. SMB1001 is a tiered, independently certified standard built specifically for small and medium businesses, while Essential Eight is a technical, self-assessed framework originally developed for government agencies. Here's how they compare.
| SMB1001 | Essential Eight | |
|---|---|---|
| Built for | Small and medium businesses | Originally Australian government agencies, now also used by private organisations |
| Target | SMBs seeking a recognised, achievable credential suited to their size and resources | Organisations of any size wanting a technical security baseline, commonly used by government and businesses with IT support in place |
| Structure | Five tiers: Bronze, Silver, Gold, Platinum, Diamond | Eight technical strategies, each rated across four maturity levels |
| Certification | Independent third-party certification via CyberCert | Self-assessed; independent certification is not mandatory for most businesses |
| Scope | Broad, covering governance, people, and process alongside technical controls | Narrow and technical, focused on preventing, limiting, and recovering from intrusions |
| Risk | Risk management and incident response included | Primary technical controls |
| Best for | Demonstrating trust to clients, partners, and insurers with a recognised credential, and strengthening supply chain relationships | Hardening IT systems against common attack techniques |
How We Help You Get Certified
Initial review
We assess your current setup and understand your business.
Gap identification
We identify where improvements are needed.
Implementation
We help you put the right controls and processes in place.
Certification
You achieve your chosen SMB1001 level through CyberCert.
Ongoing support
We keep you secure as threats and requirements change.
Ready to strengthen your business?
Find out where your business stands and what it takes to achieve SMB1001 certification.