Our Services

Cyber Security risk assessment

Security risk assessments help you understand your organisation’s security maturity model, identify potential gaps in your security controls and recommend changes to meet your compliance requirements.

Cyber Security

Our cyber security approach is built on the SMB1001:2026 standard, providing a robust and proven framework to protect businesses from modern threat actors. This standard delivers a practical and measurable way to improve cyber resilience while remaining appropriate for small and medium organisations.

Qbit IT Solutions offers a comprehensive range of security risk assessments delivered by experienced security professionals. Each engagement is tailored to your business environment, risk profile, and operational needs, ensuring outcomes that are both relevant and actionable.

Compliance and Assurance

Organisations are under increasing pressure to demonstrate compliance with recognised cyber security standards and government frameworks. SMB1001:2026 incorporates global best practices and aligns closely with leading frameworks including the Australian Essential Eight, UK Cyber Essentials, and the US Cybersecurity Maturity Model Certification.

Our team has proven proficiency in Essential Eight alignment, supporting businesses to understand their maturity level and implement practical controls that reduce real-world risk. We also hold SMB1001 and DISP Certifications.

We also have experience aligning business IT requirements so that businesses can attain SMB1001 and DISP certifications.

Cyber security is now an accepted part of doing business. Regular security assessments play a critical role in managing risk, as last year’s assessment only reflects last year’s threat landscape. The SMB1001:2026 standard includes a yearly certification, helping your organisation maintain assurance and remain protected as threats and technologies continue to evolve.

Our Approach

Our security risk assessment services take a business-driven approach to evaluating your cyber security maturity. Assessments are based on how your organisation actually operates, the data you value most, and the risks that matter to your business.

This provides a clear and pragmatic way to understand your current security posture, benchmark progress, and identify targeted areas for improvement. This approach enables informed decision making, prioritised investment, and measurable uplift in cyber resilience over time.

Qbit is ISO27001 Certified

Qbit achieved our Cyber Security ISO27001 certification in 2024, the highest international standard for data security. This is a testament to how seriously Qbit takes security, both internally and in our customers' businesses.

Your Managed Services IT company needs to have well-thought-out processes and procedures to help you protect your business from those cyber security threats and criminals that only care about getting your money. This is why Qbit aligns its clients with the standards outlined by SMB1001:2026 and ISO27001.

Cyber security is a journey. Here is the strategic roadmap to build resilience.

  • Bronze is the lowest level of cyber maturity. We recommend this standard as a minimum for all businesses and additional remote office/branch offices.

    6 control requirements

    Key deliverables:
    – Have access to IT professionals
    – Site protection with an edge firewall or security appliance
    – Endpoint protection on all devices (laptop, desktop, mobile and servers)
    – Quality passwords that change regularly
    – Backup and restore point of important assets, typically Microsoft 365 users and on-prem servers

  • Silver is a moderate level of cyber maturity, good cyber hygiene and basic policy adoption. Ideal starting point for small businesses with low to moderate dependencies on IT systems for day-to-day operations.

    14 control requirements

    Key deliverables, in addition to Bronze-level:
    – Certificate that validates business maturity for 12 months
    – Website protection on all public facing websites
    – All employees have a named account
    – Define standard account and privileged/administrative accounts
    – No local administrative rights on standard accounts
    – Password management system
    – Multifactor Authentication (MFA) for email services
    – HR policy document for confidentiality agreement for all employees
    – Finance policy and procedure to prevent invoice fraud
    – Per site visitor register

  • Gold is a good level of cyber maturity, hygiene and policy adoption. Ideal for an SMB that has a mature operation where data is valued.

    23 control requirements

    Key deliverables, in addition to Silver-level:
    – Certificate that validates business maturity for 12 months
    – Patch management on all servers
    – Multifactor Authentication (MFA) for business applications and social media accounts
    – Implemented a cyber security policy
    – Implemented a response plan for cyber, backup, business continuity and disaster recovery plans
    – Retention lifecycle, secure methods of physical document destruction
    – Device lifecycle, ensure all devices with sensitive, private and/or confidential information are disposed of securely
    – Regular cyber security awareness training for all employees

  • Platinum is for advanced and highly mature businesses, where data is sensitive and risk is mission critical.

    Ideal when you have cyber insurance, work with government agencies and/or international businesses where supply-chain risk is auditable.

    28 control requirements

    Key deliverables, in addition to Gold-level:
    – Certificate that validates business maturity for 12 months
    – Black box/Grey box penetration testing for public facing websites (Web App and Databases)
    – Management of remote access cloud credentials
    – Multifactor Authentication (MFA) for data at rest
    – Multifactor Authentication (MFA) for remote access (VPN and RDP technologies)
    – Valid and up-to-date cyber insurance policy

  • Diamond is the highest level of the SMB1001:2025 standard, near equivalent to ISO:27001.

    35 control requirements

    Key deliverables, in addition to Platinum-level:
    – Certificate that validates business maturity for 12 months
    – Encryption of important data at rest
    – Application control for all business apps
    – Disable untrusted macros on Microsoft Office
    – Black box/Grey box penetration testing and vulnerability testing for internal systems
    – Social engineering testing
    – Supply-chain trust program
    – Conduct police vetting on employees with administrative access
    – Conduct training on and test the incident response plans

  • Australian Cyber Security Centre (ACSC) Essential-8 and NIST Cybersecurity Framework 2.0 are cyber security frameworks. These provide a subjective guideline on how to build an auditable standard. There is no means of certifying to a framework.

    SMB1001:2025 is that standard, containing clear, specific rules that are certifiable. It is built from those standards. As this staged standard is built from multiple frameworks, there are additional items in the standard that are not covered in each framework.

    SMB1001 Level-5 is equivalent to NIST CSF 2.0 and Essential-8.

Next Steps

Our advanced cyber security assessment is the deep dive on building resilience and true innovation.
