If you’ve been looking into cyber security for your small business, you might have come across SMB1001. It’s a certification framework that’s gaining traction in Australia and expanding globally — and unlike ISO 27001 or SOC 2, it’s actually designed for businesses your size.
Here’s what you need to know.
What is SMB1001?
SMB1001 is a cyber security certification framework built specifically for small and medium-sized businesses. It was developed by Cyber Security Certification Australia (CSCAU) and is designed to be achievable, practical, and relevant for businesses that don’t have dedicated IT teams.
Think of it as a maturity framework. It starts at Bronze (basic hygiene) and goes up through Silver, Gold, Platinum, and Diamond. Each level adds more controls and practices.
For most solopreneurs and micro-businesses, Bronze is the right starting point — and it’s achievable in 30 minutes with the right setup.
Why should you care?
Three reasons:
1. Clients are starting to ask
Enterprise and government clients are increasingly including cyber security requirements in their procurement processes. If you can demonstrate certification — even at Bronze level — you stand out from freelancers and contractors who can’t.
2. Cyber insurance is getting harder
Insurers are tightening their questionnaires. Having a recognised certification makes the process smoother and can improve your premiums. SMB1001 gives insurers confidence that you’ve got the basics covered.
3. It’s the right thing to do
If you’re handling client data, you have a responsibility to protect it. SMB1001 gives you a structured framework to do that without overcomplicating things.
What does Bronze require?
SMB1001 Bronze focuses on foundational cyber hygiene. The controls include:
- Endpoint protection — Antivirus and threat detection on your devices
- Access control — Unique passwords, multi-factor authentication
- Data backup — Regular backups of critical data
- Email security — Protection against phishing and spam
- Security awareness — Basic understanding of common threats
- Patch management — Keeping software up to date
- Network security — Secure wifi, VPN usage
If you’re reading this and thinking “I don’t have most of these,” you’re not alone. Most solopreneurs don’t. That’s the gap.
How ShieldMate aligns you to Bronze
ShieldMate Pro is designed to tick the Bronze boxes automatically:
| Bronze Requirement | ShieldMate Pro Feature |
|---|---|
| Endpoint protection | 24/7 device threat detection & response |
| Access control | Managed password manager with unique credentials |
| Data backup | Automated cloud backup for Google Workspace / Microsoft 365 |
| Email security | AI-powered email filtering for phishing & impersonation |
| Security awareness | Included security awareness training |
| Patch management | Monitored as part of ongoing endpoint management |
| Network security | Secure VPN with dedicated IP + DNS filtering |
When we say “30 minutes to Bronze alignment,” we mean it. During your onboarding session, we deploy and configure all of these tools. You don’t need to understand the technical details — we handle that.
What Bronze doesn’t cover
Bronze is a starting point, not a destination. It doesn’t include:
- Formal risk assessments
- Incident response plans (though having ShieldMate means we handle incident response for you)
- Supply chain security requirements
- Advanced logging and monitoring
These are covered in higher SMB1001 tiers (Silver, Gold, etc.) and may become relevant as your business grows.
How to get certified
The certification process through CSCAU involves:
- Self-assessment — Review your practices against the Bronze controls
- Evidence collection — Document that each control is in place
- Submission — Submit your evidence to CSCAU for review
- Certification — Receive your SMB1001 Bronze certificate
With ShieldMate Pro, steps 1 and 2 are largely done for you. Your trust centre (coming soon) will provide a real-time view of your active controls that can serve as evidence.
The bottom line
SMB1001 Bronze is achievable, practical, and increasingly relevant. It’s not overkill like ISO 27001, and it’s not just a checkbox exercise. It gives you a genuine baseline of security that protects your business and impresses your clients.
If you’re a freelancer, small business, or solopreneur looking to get started, ShieldMate Pro aligns you to Bronze requirements from day one.