SMB 1001

SMB 1001


The SMB1001:2023 Multi-tiered cyber security standard for small and medium businesses is a prescriptive dynamic standard which allows all organisations to start and monitor their journey towards resilience against evolving cyber threats.

SMB1001 provides organisations of any sector with guidance for developing their cyber security hygiene.

This standard has a particular awareness of small and medium-sized businesses with their needs and resources being considered in the development of SMB1001.

Meeting the highest tier of SMB1001 indicates that an organisation has implemented good cyber security measures. Adopting SMB1001 supports organisations in their path towards meeting ISO/IEC 27001 requirements. It also supports organisations in managing the likelihood and impact of potential cyber threats.

Break down of requirements

46 controls stepped across 5 Tiers. Tier 1 is 6 controls while Tier 5 is all 46 controls. The 46 controls are set out in 5 Categories (Technology Management, Access Management, Backup and Recovery, Policies, Processes and Plans and Education and Training.)

Best suited for

Due to its multi-tier approach this standard is excellent for small and medium businesses but equally fits the criteria for being able to provide robust assurance across all practice areas for large organisations looking to assess their own businesses and suppliers.

Can a business be certified or assessed against this standard?

Businesses can self assess themselves using the Assessment process in Assuredly for Tiers 1-3.  Once complete businesses can request certification without needing to engage an independent auditor.   An independent verification organisation (IVO) approved by Cyber Cert is required to provide independent verification to achieve certification for Tiers 4 and 5.

Who can assess or audit a business against this standard?

Self-Assessment or Auditor depending on Level of certification sought.

Governed by

Cyber Security Certification Australia

Region focus


How Assuredly can help you align to this standard or framework?

Assuredly offers a seamless, guided process that will effortlessly walk you through assessing your business against the SMB 1001 Requirements.  Whether you are  small business looking to get your first security certificate and want to achieve Tier 1 or your are a professional advisor looking to support companies achieve Tier 5 Assuredly allows you to:

  • Instantly access Help Guides that assist you in implementing controls which you don’t yet have in place.
  • Be told up front what auditors would require to verify the control is in place.
  • Add evidence to your assessment which can be audited if required.
  • Get instant and automated suggested action plans for weak controls.
  • Automatic risk registers created with associated risk treatment plans.
  • A clear view of how well your business has achieved against the SMB 1001 standard in easy-to-understand graphs.
  • Certification process.

Get your SMB 1001 Certification Today! Join Assuredly  today and embark on a journey towards a secure and fortified future for your business!

Book a free demonstration or talk to one of our team today to uncover how we can help ensure you align to standards while also understanding your risks and knowing what action to take to keep your business secure.