SMB1001 - Tier 1 (Bronze)
Cyber Security Essentials

Service Description
Bronze is our entry-level Cyber Security Essentials bundle, providing the fundamental protections every small organisation needs to defend against common cyber threats.
It meets all SMB1001 tier 1 requirements, making it an ideal starting point for businesses beginning their cybersecurity journey and seeking SMB1001 certification. This tier delivers core security measures – from managed antivirus and firewalls to automated backups – in a simple, cost-effective plan. With Bronze, you gain peace of mind that your business and customer data are safeguarded by industry best practices without the need for in-house IT staff.
Benefits
- Operational Continuity
- Expert Support & Compliance
- Cost-Effective Peace of Mind
- Certified Security
How it Works
Key Controls & Implemented Solutions
To fulfil the SMB1001 Tier1 (Bronze) requirements,
the CyberGrape Bronze package delivers the technologies and
services, mapped to each requirement:
Engaged IT Support Specialist (MSP/Vendor)
We provide a dedicated technical support specialist as your managed service provider, offering regular assistance for day-to-day IT security needs (fulfilling control 1.1.0.0). This ensures you have expert help to implement and maintain all Bronze-level measures. (For example, an SLA with 8-hour response for incidents is established per guidelines.)
Network Firewall (Perimeter and Host-Based)
We install and configure a firewall where your network connects to the internet, and ensure all devices have their host firewalls enabled (addresses 1.2.0.0). Default passwords on firewall devices are changed and configurations are reviewed for security. This reduces unauthorised access and protects your network boundaries.
Endpoint Protection (Managed Anti-Virus/EDR)
All organisational devices are equipped with next-generation anti-virus (e.g. Microsoft Defender) with automatic updates enabled (fulfilling 1.3.0.0). We pair this with an EDR agent (Huntress) that monitors for threats; if malware is detected, Microsoft Defender blocks it and the Huntress agent alerts our Security Operations Centre (SOC) for investigation. This protects against malware infections and ensures no threat slips by unnoticed.
Automated Patching Management
We configure automatic installation of tested and approved software updates on all PCs, laptops and devices (fulfilling 1.4.0.0). Using our RMM platform (NinjaOne), systems receive the latest patches promptly, so there are no unpatched vulnerabilities for attackers to exploit. If auto-update isn’t possible for certain systems, our team manually updates them at least every 3 months per policy.
Password Policy Enforcement
We implement basic access management practices such as ensuring default device passwords are changed and that staff update passwords regularly (fulfilling 2.1.0.0). We help you establish a routine (at least annual) password change schedule and secure passphrase standards for all user and device accounts. This reduces the risk of unauthorised access via credential guessing or reuse
Managed Data Backup & Recovery
An automated cloud backup solution (e.g. Keepit) is deployed to back up all important digital assets, with at least daily frequency. This satisfies 3.1.0.0, requiring a backup and recovery strategy for critical data. Backups are stored encrypted off-site (with options for NZ/Australia data residency), and we can restore data within minutes in case of ransomware or data loss. This ensures operational resilience – even if files are encrypted by malware, you can recover quickly.

Achieve SMB1001 certification with CyberGrape.
For businesses with a low risk profile, the CyberGrape Cyber Security Essentials (Level 1) package provides a strong foundation for cyber security.
By Implementing this custom SMB1001 package by CyberGrape, it will position your organisation to successfully achieve CyberCert Bronze (SMB1001 Level 1) certification, demonstrating to clients, partners, and insurers that you meet an internationally recognised security standard.
Certification also provides third-party assurance and a publicly verifiable record of your commitment to responsible cyber risk management.
Schedule a discovery call
Don’t Wait for a Breach. Take Control of Your Cyber Risk Now.
Lock down your business with proactive, proven, certified cyber defence
Contact Us