The CSCAU site states that SMB1001 is a multi-tiered cyber security certification standard. This standard comprises five tiers that support an organisation in their journey of developing their cyber security hygiene from the Starter to Champion tier.
We like the intent of this standard; we commonly hear of the premier standards like ISO/IEC 27001, which requires significant investment to achieve, most of which is unobtainable for Australian SMBs. Then there is the consideration of the Essential 8, which, again, we believe is unobtainable for most Australian SMBs.
Tarian Cyber recently achieved SMB1001:Level 3 certification; this was pretty simple for us (as it should be as a Managed Security Services Provider) MSSP because we already have all the controls, policies, and processes in place.
For most Australian SMBs, Silver or Gold is where you should be aiming.
Aiming for Silver or Gold still requires specialist knowledge to implement these controls effectively. As we cover in a separate article, MFA is not a simple tick-and-flick security control. We urge SMBs not to attempt this in isolation but to reach out to an industry leader to help you on your journey.
Like most standards, it’s not always about the security controls; policy and process back the security controls at the business and human resources layers.
We have developed an SMB1001 uplift package to assist Australian SMBs in achieving Silver or Gold certification, backed by decades of industry experience and our 24/7 Security Operations Centre.
Tarian Cyber offers an unmatched depth of capability and expertise earned through personal commitment and industry recognition. It’s in the collective ‘we’ — where each team member is a highly skilled specialist in their own right — that drives our success. Together, we are united in building cyber resilience, and delivering security solutions our clients can depend on and value.
Our mission is centred around enabling organisation’s to confidently navigate the complex cyber security landscape. We stand as your trusted ally, aligning our strategies and solutions with your unique needs, ensuring that as threats evolve, so do our technologies and methodologies. Our relentless pursuit is to further enhance cyber resilience for our clients.
| Requirement | Silver | Gold |
| 1. Engage a technical support specialist for your organisation | ✓ | ✓ |
| 2. Install and configure a firewall | ✓ | ✓ |
| 3. Install anti-virus software on all organisational devices | ✓ | ✓ |
| 4. Automatically install tested and approved software updates and patches on all organisational devices | ✓ | ✓ |
| 5. Change passwords routinely | ✓ | ✓ |
| 6. Implement a backup and recovery strategy for important digital assets | ✓ | ✓ |
| 7. Install TLS certificates on all public internet facing websites | ✓ | ✓ |
| 8. Ensure employee accounts do not have administrative privileges | ✓ | ✓ |
| 9. Ensure employees have individual user accounts | ✓ | ✓ |
| 10. Implement a password manager system | ✓ | ✓ |
| 11. MFA on all employee email accounts | ✓ | ✓ |
| 12. Confidentiality agreement for all employees | ✓ | ✓ |
| 13. Implement a policy with procedures to prevent Invoice Fraud | ✓ | ✓ |
| 14. Implement a visitor register | ✓ | ✓ |
| 15. Ensure all servers are updated and patched | ✓ | |
| 16. MFA on all business applications and social media accounts | ✓ | |
| 17. Implement a cyber security policy | ✓ | |
| 18. Implement a response plan for cyber related incidents | ✓ | |
| 19. Utilise secure methods of physical document destruction | ✓ | |
| 20. Ensure all computer devices that store sensitive, private, and/or confidential information are disposed of securely | ✓ | |
| 21. Implement and maintain a digital asset register | ✓ | |
| 22. Conduct cyber security awareness training for all employees | ✓ |
Jon Robertson
Managing Director
Tarian Cyber
