Our Services

Cyber Security risk assessment

Security risk assessments help you understand your organisation’s security maturity model, identify potential gaps in your security controls and recommend changes to meet your compliance requirements.

Cyber Security

Our approach to cyber security is to implement the SMB1001:2025 standard, a robust and effective means of protecting against threat actors.

Qbit IT Solutions offers a range of security risk assessments delivered by our team of security professionals and tailored to meet your specific needs.

Compliance

Businesses are under increasing pressure to meet a range of compliance requirements. The standard also incorporates global best practices, aligning with frameworks like the Australian Essential Eight, UK Cyber Essentials, and the US Cybersecurity Maturity Model Certification (CSCAU).

Cybersecurity is an accepted part of doing business today and regular security assessments play an essential role. Last year’s assessment is only relevant to last year’s threats and is unfortunately no longer valid. The SMB1001:2025 standard comes with a yearly certificate to protect your business from evolving threats.

Our Approach

Security risk assessment services offer a comprehensive, business-driven approach to evaluating your cybersecurity maturity level based on your business operations and risk profile.

The 5-tiered maturity model provides you with a simple, pragmatic approach to evaluate your current security maturity and identify targeted areas for improvement.

ISO27001 Quality Management Standard

Qbit achieved our Cyber Security ISO27001 certification in 2024. This is a testament to how seriously Qbit takes security, both internally and at our customer sites.

Your Managed Services IT company needs to have well-thought-out processes and procedures to help you protect your business from those cyber security threats and criminals that only care about getting your money. This is why Qbit aligns its clients with the standards outlined by SMB1001:2025 and ISO27001.

Cyber security is a journey; here is the strategic roadmap to build resilience.

  • Bronze is the lowest level of cyber maturity. We recommend this standard as a minimum for all businesses and for additional remote or branch offices.

    6 control requirements

    Key deliverables:
    – Have access to IT professionals
    – Site protection with an edge firewall or security appliance
    – Endpoint protection on all devices (laptop, desktop, mobile and servers)
    – Quality passwords that change regularly
    – Backup and restore points for important assets, typically Microsoft 365 users and on-prem servers

  • Silver is a moderate level of cyber maturity, with good cyber hygiene and basic policy adoption. Ideal starting point for small businesses with low to moderate dependencies on IT systems for day-to-day operations.

    14 control requirements

    Key deliverables, in addition to Bronze-level:
    – Certificate that validates business maturity for 12 months
    – Website protection on all public facing websites
    – All employees have a named account
    – Define standard account and privileged/administrative accounts
    – No local administrative rights on standard accounts
    – Password management system
    – Multifactor Authentication (MFA) for email services
    – HR policy document for confidentiality agreements for all employees
    – Finance policy and procedure to prevent invoice fraud
    – Per site visitor register

  • Gold is a good level of cyber maturity, hygiene and policy adoption. Ideal for an SMB that has a mature operation where data is valued.

    23 control requirements

    Key deliverables, in addition to Bronze-level:
    – Certificate that validates business maturity for 12 months
    – Patch management on all servers
    – Multifactor Authentication (MFA) for business applications and social media accounts
    – Implemented a cyber security policy
    – Implemented a response plan for cyber, backup, business continuity and disaster recovery plans
    – Retention lifecycle, secure methods of physical document destruction
    – Device lifecycle, ensure all devices with sensitive, private and/or confidential information are disposed of securely
    – Regular cyber security awareness training for all employees

  • Platinum is for advanced and highly mature businesses with sensitive data, where risk is mission critical.

    Ideal when you have cyber insurance, work with government agencies and/or international businesses where supply-chain risk is auditable.

    28 control requirements

    Key deliverables, in addition to Gold-level:
    – Certificate that validates business maturity for 12 months
    – Black box/Grey box penetration testing for public facing websites (Web App and Databases)
    – Management of remote access cloud credentials
    – Multifactor Authentication (MFA) for data at rest
    – Multifactor Authentication (MFA) for remote access (VPN and RDP technologies)
    – Valid and up-to-date cyber insurance policy

  • Diamond is the highest level of the SMB1001:2025 standard, near equivalent to ISO27001.

    35 control requirements

    Key deliverables, in addition to Platinum-level:
    – Certificate that validates business maturity for 12 months
    – Encryption of important data at rest
    – Application control for all business apps
    – Disable untrusted macros on Microsoft Office
    – Black box/Grey box penetration testing and vulnerability testing for internal systems
    – Social engineering testing
    – Supply-chain trust program
    – Conduct police vetting on employees with administrative access
    – Conduct training on and test the incident response plans

  • Australian Cyber Security Centre (ACSC) Essential-8 and NIST Cybersecurity Framework 2.0 are cyber security frameworks. These provide subjective guidelines on how to build an auditable standard. There is no means of certifying to a framework.

    SMB1001:2025 is that standard, containing clear, specific rules that are certifiable. This is built from those standards. As this staged standard is built from multiple frameworks, there are additional items in the standard that are not covered in each framework.

    SMB1001 Level-5 is equivalent to NIST CSF 2.0 and Essential-8.

Next Steps

Our advanced cyber security assessment is the deep dive on building resilience and true innovation.
