KEY FACTS
CYBER SECURITY
SMB1001 Certification Support
A practical pathway to cyber security certification that builds on Essential Eight controls.
- 20sec Avg Answer
- 87% First-Call Fix
- E8 Aligned
- 24+ Years Experience
SMB1001 Readiness Support
A practical pathway that builds on Essential Eight controls, improves cyber hygiene over time, and creates clearer evidence for due diligence discussions.
We focus on measurable uplift and maintaining controls. Outcomes depend on scope, business processes and the maturity targets agreed in your roadmap.
Typical contract term is 12 months.
WHAT IS INCLUDED
Readiness Scope
Readiness Baseline
Scope, gaps and priorities documented. A clear picture of where you are and what needs attention first.
Uplift Roadmap
Staged actions with clear sequencing. Prioritised improvements across identity, endpoint, email, backup and perimeter controls.
Operational Controls
Controls maintained through managed services. Patching, monitoring, access management and backup verification as part of your IT plan.
Reporting
Progress and risk visibility for management. Regular reporting that shows what has been done, what is next, and where risks remain.
Review Cadence
Keep evidence current and useful. Scheduled reviews to update documentation, reassess gaps, and adjust the roadmap as your environment changes.
Want to understand your readiness baseline?
What Readiness Means
We start with a baseline, execute staged uplift, then maintain controls and evidence through reporting and reviews.
Baseline
Document current controls and gaps. Set an achievable target tier and timeline.
Uplift
Implement prioritised improvements across identity, endpoint, email, backup and perimeter controls with clear sequencing.
Evidence
Maintain reporting and review cadence. Keep evidence current and useful for management oversight and due diligence.
What you will gain
- Clarity on what to improve first
- Reduced risk through staged control uplift
- Better conversations with clients and suppliers about security
- Evidence that supports due diligence
- Momentum via a practical cadence and reporting
Want to See How This Works for Your Business?
We'll assess your current setup and show you exactly what we'd change. No obligation.
START HERE
Begin with Essential Eight Uplift
Our SMB1001 readiness pathway builds on Essential Eight controls. If you need a clear starting point, review the uplift program overview.
EXPLORE MORE
Cyber Security Resources
- Cyber security services (Hub): Plans, scope, uplift modules and the full FAQ set.
- Essential Eight overview (Essential Eight): What it is, why it matters, and the eight strategies in plain English.
- Essential Eight uplift program (Essential Eight): A staged delivery model with milestones and progress reporting.
- Endpoint protection (Capability): EDR deployment, hardening, monitoring and reporting.
- ThreatLocker (Capability): Application control and allowlisting to block unauthorised software.
- Email security (Capability): Anti-phishing controls and Managed DMARC options.
- Duo MFA (Capability): Multi-factor authentication rollout and management.
- Managed DMARC (Capability): Domain protection to reduce email spoofing risk.
- Managed FortiGate (Strategic add-on): Firewall monitoring, updates and change control.
- Cloud backup and recovery (Capability): Independent backup, disaster recovery, and Microsoft 365 protection.
- Microsoft 365 backup (Capability): Independent backup for Exchange, SharePoint, OneDrive and Teams.
- Incident response (Capability): Triage, containment, recovery and uplift actions.
- SMB1001 readiness (Roadmap): A structured path beyond Essential Eight foundations.
WHY MILNSBRIDGE
Trusted by Sydney Businesses Since 2002
FAQ
Common Questions About SMB1001 Certification
What is SMB1001 certification?
SMB1001 is a cyber security certification framework developed by the Cyber Security Council of Australia (CSCAU) specifically for small and medium-sized businesses. It provides a tiered certification pathway — Bronze, Silver, and Gold — that gives SMBs a structured, achievable route to demonstrating strong cyber security posture without the complexity of enterprise frameworks like ISO 27001. SMB1001 is widely recognised by Australian insurers, government bodies, and supply chain partners as evidence of credible cyber security practice.
What are the different SMB1001 certification levels?
SMB1001 has three tiers: Bronze (foundational controls, self-assessed), Silver (intermediate controls with third-party verification), Gold (advanced controls aligned to the Essential Eight), and Platinum (highest tier, suitable for businesses handling sensitive data or operating in regulated industries). Milnsbridge helps clients assess their current posture and select the appropriate target tier based on their industry, risk profile, and client/partner requirements.
How does Milnsbridge help a business achieve SMB1001 certification?
Milnsbridge conducts a gap assessment against the target SMB1001 tier to identify controls that are missing or insufficient, then delivers a prioritised remediation plan. The team implements required technical controls — including those aligned to the Essential Eight — manages the certification process, and liaises with CSCAU-authorised assessors where third-party verification is required. Milnsbridge is itself SMB1001 certified, so the guidance comes from direct experience with the framework.
How long does it take to achieve SMB1001 certification?
Timeline depends on the target tier and the organisation's starting posture. Bronze certification can typically be achieved within four to eight weeks for a business that already has basic controls in place. Silver and Gold certifications require more comprehensive remediation and third-party verification, which may take three to six months. Milnsbridge provides a realistic timeline as part of the initial gap assessment.
Does SMB1001 certification satisfy cyber insurance requirements?
Many Australian cyber insurers now require or provide premium discounts for businesses that hold recognised cyber security certifications. SMB1001 is increasingly accepted as evidence of due diligence by insurers, and achieving certification — particularly at Silver or Gold tier — can reduce premiums and strengthen your insured position in the event of a claim. Milnsbridge recommends confirming specific insurer requirements as part of your certification planning.
Does Milnsbridge maintain SMB1001 certification on an ongoing basis?
Yes. SMB1001 certification is a standalone Milnsbridge product with two components: a one-time onboarding fee covering the initial audit, controls alignment, implementation management, and CyberCert certification issuance; plus an ongoing monthly fee covering periodic reassessment, artifact creation, compliance management, and annual recertification costs.
Ready to Work Toward SMB1001 Certification?
We'll help you implement the controls, gather evidence, and prepare for certification - building on your existing security foundation.

