CyberGrape
    CyberGrape
    Insights
    Compliance Frameworks

    Compliance that wins business, not just ticks boxes.

    The CyberGrape Platform maps every SMB1001 control to your current posture, collects evidence automatically from your connected tools, and tells you exactly what is missing. From assessment to certification-ready in weeks, not months.

    All five SMB1001 tiers. One platform.

    The platform tracks your progress across every tier simultaneously. Start wherever you are today and see what each step up requires.

    Bronze
    Bronze
    7 controls
    Silver
    Silver
    17 controls
    Gold
    Gold
    27 controls
    most common
    Platinum
    Platinum
    32 controls
    Diamond
    Diamond
    39 controls

    How the platform handles compliance.

    Control mapping across all SMB1001 tiers

    Every one of the 39 SMB1001 controls mapped to your current posture. See which are fully implemented, which are partial, and which are missing: across Bronze, Silver, Gold, Platinum and Diamond simultaneously.

    Automated evidence collection

    Evidence pulled directly from your connected tools. When Qualys detects your patch status, it maps to the relevant control. When usecure logs a training completion, it contributes to your evidence pack. No manual uploads for the controls your tools already cover.

    Gap analysis with prioritised remediation

    Every gap ranked by the effort to close it and its impact on your certification target. Not a flat list: a prioritised roadmap that tells you what to fix first to reach your next tier in the shortest time.

    Assessor-ready evidence pack

    When you are ready to certify, the platform generates your evidence pack automatically. Every control, every piece of supporting evidence, compiled into the format your certifier needs. What used to take weeks of preparation takes minutes.

    Continuous compliance monitoring

    Certification is not a point-in-time achievement. The platform monitors your controls continuously so you know the moment a control drifts out of compliance: not in your annual renewal conversation.

    NZISM framework support

    For organisations operating in or supplying to New Zealand government, the platform supports the NZISM framework alongside SMB1001. Both managed from the same interface, with separate reporting where required.

    Platform in action

    Your certification progress: tracked in real time.

    The platform maps every control to your current posture and shows you exactly what is outstanding at each tier. Evidence is collected automatically as your tools report in: no spreadsheets, no manual uploads.

    • Tier progress bars updated live
    • Evidence pulled from connected tools
    • Outstanding controls highlighted with remediation guidance
    app.cybergrape.io/compliance/smb1001
    SMB1001:2026 Certification Progress
    Control coverage across all five tiers
    BronzeCertified
    7 / 7 controls100%
    SilverCertified
    17 / 17 controls100%
    GoldCertified
    27 / 27 controls100%
    Platinum
    26 / 32 controls81%
    Diamond
    24 / 39 controls62%
    6 controls outstanding for Platinum
    Estimated 3–4 weeks to close: view remediation plan
    Evidence collected automatically
    Patch status pulled from NinjaOne
    5 min ago
    Training completion logged via usecure
    1 hr ago
    MFA policy acknowledged, 14 staff
    3 hrs ago
    Vulnerability scan, Qualys
    4 hrs ago
    77%
    Overall compliance score

    Also in the platform

    Security Command Centre

    Live posture. Every tool. One screen.

    Risk Management

    AI-powered risk register with board-ready reports.

    Policy Management

    Policies that work as evidence, not just documents.

    Common questions.

    Ready to see your compliance gaps?

    Connect your tools and the platform maps your controls automatically. Know exactly where you stand against your target tier in minutes.

    See SMB1001 certification