IronSights

Frameworks & standards

SMB1001

An Australian cyber security certification standard developed specifically for small businesses, providing four tiered certification levels that scale with business size and risk appetite.

Also known as: SMB1001, Small Business Cyber Security Standard, COSBOA cyber standard

In plain English

SMB1001 is a practical cyber security standard built for small Australian businesses that find ISO 27001 too complex or expensive, but still want formal certification. It offers four tiers — Bronze, Silver, Gold, and Platinum — each requiring progressively stronger controls. Many government procurement panels and supply chain requirements accept SMB1001 as evidence of baseline cyber security practice.

Full definition

SMB1001 was developed by the Council of Small Business Organisations Australia (COSBOA) in partnership with the cyber security industry to give small businesses an achievable, cost-proportionate certification pathway. The standard is designed to complement the rather than replace it.

The four tiers reflect increasing levels of maturity: Bronze covers basic hygiene controls (, patching, backups, access management); Silver adds and planning; Gold introduces security monitoring and staff awareness programmes; Platinum incorporates and continuous improvement processes.

Certification is conducted by an accredited third-party assessor and is renewed annually. For businesses supplying to government, defence primes, or enterprise clients that require evidence of security practice, SMB1001 provides a credible, independently verified credential without the cost of a full audit.
