SMB1001 Certification Australia
No Lock-In Contracts
100% Australian Based
5 Stars from 70+ Reviews
A Practical Cybersecurity Standard for SMB
Readiness Assessment
Cybersecurity Improvements
Policies and Evidence
Ongoing Maintenance
The Five SMB1001 Levels
Level 1 – Foundation (Bronze)
Level 1 establishes foundational cybersecurity protections.
It includes measures relating to:
- Engaging a technical support specialist
- Business firewall protection
- Antivirus protection
- Automated software updates
- Strong password hygiene
- Backup and recovery
- Cybersecurity awareness training
Level 1 is generally suitable for very small businesses beginning their cybersecurity improvement journey.
Level 2 – Formalised Security (Silver)
Level 2 builds on the foundational controls and begins formalising business security practices.
Additional measures include:
- Removing unnecessary administrator access
- Providing individual user accounts
- Introducing a password manager
- Multi-factor authentication for employee email
- Email authentication and anti-spoofing
- Server patching
- Confidentiality agreements
- Invoice fraud procedures
- Visitor management
Level 2 may suit established small businesses that already have basic IT management but need stronger access controls and documented processes.
Level 3 – Mature Cyber Hygiene (Gold)
Level 3 introduces a broader and more mature cybersecurity approach.
Additional controls include:
- Endpoint Detection and Response
- MFA for business applications
- Secure remote access
- Cyber insurance
- A formal cybersecurity policy
- A cyber incident response plan
- Secure device and document disposal
- A digital asset register
- A responsible AI usage policy
- More advanced employee security awareness
For many established small and medium businesses, Level 3 may provide the strongest balance between practical security, business processes and affordability.
Level 4 – Advanced Controls (Platinum)
Level 4 is intended for businesses with relatively mature cybersecurity arrangements.
It introduces or strengthens requirements relating to:
- Vulnerability scanning
- Stronger MFA controls
- MFA for VPN and remote access
- Protection of important data
- More mature backup and recovery arrangements
- Expanded technical oversight
- Independent verification and attestation
Level 4 requires a greater level of evidence and external verification than Levels 1 to 3.
Level 5 – Highest Assurance (Diamond)
Level 5 is the highest SMB1001 certification level.
It introduces more advanced requirements, including:
- Encryption of important information at rest
- Application control
- Blocking untrusted Microsoft Office macros
- Penetration and vulnerability testing
- Social engineering testing
- EDR supported by a Managed Detection and Response service
- Stronger incident response arrangements
- Supplier cybersecurity management
- Vetting for staff with privileged access
- Independent verification and attestation
Level 5 is generally more appropriate for organisations with sensitive information, higher cyber risk or demanding customer and supply-chain requirements.
We Partner With Industry Leaders
Why Work With Accel IT?
Accel IT combines practical cybersecurity experience with an understanding of how small and medium-sized businesses actually operate. We help turn SMB1001 requirements into clear, manageable actions rather than leaving your business to interpret a technical checklist on its own.
Our team can review your current environment, implement missing security controls and prepare the supporting evidence needed for certification. Because we also provide managed IT, Microsoft 365 security, endpoint protection, backups, patching and security awareness training, many of the required controls can be maintained as part of an ongoing service rather than treated as a once-a-year compliance exercise.
We focus on improvements that are appropriate for your organisation, budget and risk profile. The goal is not simply to obtain a certificate, but to build cybersecurity practices that remain effective and manageable after the assessment is complete.
Cybersecurity designed around smaller businesses.
SMB1001 FAQ's
Does Accel IT issue the SMB1001 certificate?
No. Accel IT assists with readiness, implementation and evidence preparation. Formal certification is facilitated through an authorised Dynamic Standard Certifier.
How long does certification last?
SMB1001 certification remains valid for one year.
Which level should we choose?
This depends on your existing security, business size, risk exposure and customer requirements. A readiness assessment can identify an appropriate starting point.
Is SMB1001 the same as Essential Eight or ISO 27001?
No. They overlap in some areas but have different purposes, requirements and assessment models.
Do we need an IT provider?
An IT provider is not the party making the final self-attestation for Levels 1 to 3, but many businesses need technical assistance to correctly implement and demonstrate the required controls.
The standard also includes engaging a technical support specialist as a foundational requirement.
Can Accel IT help us complete the self-assessment?
Accel IT can help assess your current environment, explain technical requirements, remediate gaps and prepare supporting evidence. The organisation remains responsible for ensuring that information submitted during self-attestation is accurate.
Let's Talk Security
See Our Cyber Security Tips and News
SMB1001 vs Essential Eight vs ISO 27001: Which Is Right for Your Business?
Australian businesses are increasingly being asked to demonstrate that they take cybersecurity seriously. This may come from customers, insurers, government contracts, supply-chain questionnaires or internal risk-management requirements. Three frameworks commonly…
Australian Websites Targeted in Large-Scale CMS Exploitation Campaign
Australian businesses are being warned about a large-scale cyberattack campaign targeting websites built on popular content management systems, including WordPress, Joomla and Craft CMS. According to a critical security alert…
FortiBleed Warning: What Australian Businesses Need to Know About Fortinet Firewall and VPN Exposure
The Australian Cyber Security Centre has issued a critical alert for organisations using Fortinet firewalls and VPN gateways, following reports of a widespread credential-based attack campaign known as FortiBleed. For…
Emails Getting Blocked? It’s Not Always What You Think.
Why You’re Not Receiving Emails From Customers: SPF, DKIM and DMARC Explained It’s a frustrating problem, and one that can cause missed enquiries, delayed jobs, lost sales, and confusion on…
Antivirus Alone Won’t Save You!
For years, traditional antivirus was considered to be the first line of defence in cybersecurity. But the threat landscape has changed fundamentally. Hackers are getting more intelligent. Attacks are more…
Seriously, Why Aren’t You Using 2FA Yet?
In 2025, the fact I still meet people and businesses that still ignore two-factor authentication (2FA) blows my mind. Cyber threats are more advanced than ever, yet many companies continue…
AccelProtect – Protecting your business from the inside out.
Not having IT security is like having a luxury car with state-of-the-art locks, but leaving the windows open in a high-crime neighborhood. On Friday the 13th. Today’s businesses rely heavily…
What Do Companies Really Do With Our Data?
How to Protect Your Privacy in the Digital Age A Comprehensive Guide to Understanding the Impact of Data Collection on Our Lives and Tips to Stay Safe In today’s digital…
What are some common internet scams and how to avoid them?
What are some common internet scams and how to avoid them? The internet has brought many positive benefits to our lives, such as providing a wealth of information and convenience.…
Don’t be the next victim. Get secure now!
Don’t be the next victim. Get secure now! The following questions relate to cybersecurity and customers’ data: It’s important to regularly audit your customer data to ensure cybersecurity. Review which…
What is Multi-Factor Authentication (MFA) and why should I use it?
Multi-factor authentication is a security measure that requires the user to provide two or more factors to gain access to resources such as your computer, online account, or VPN. There…
6 Tips for Managing a Secure Computer Network
In today’s business landscape, a secure computer network is everything to an organisation.This is because most organisations are host to vast amounts of data that carries information about their business…




