SMB1001 - Tier 3 (Gold)

Enterprise-Grade Security

The Gold package is designed for businesses that require the utmost assurance in cybersecurity – for example, those handling highly sensitive data, subject to strict regulations, or that simply aspire to the best security possible (financial services firms, healthcare providers, tech companies, government contractors, etc.). With Gold, you gain around-the-clock threat monitoring, advanced cloud and network defences, formal incident response plans, and ongoing strategic support from our virtual CISO team.

Service Description

The Gold tier includes all Silver controls and enhancements, and adds advanced security measures to fulfil Level 3 requirements and provide an enterprise-grade posture.


Benefits

How it Works

Key Controls & Implemented Solutions

To fulfil the SMB1001 Tier 3 (Gold) requirements, the CyberGrape Gold package delivers the following technologies and services, mapped to each requirement:

24/7 SOC Monitoring and Threat Detection

Gold introduces continuous Security Operations Centre (SOC) monitoring of your environment, 24×7. We deploy a managed SIEM (Security Information and Event Management) solution that aggregates logs from across your network, servers, cloud services, and endpoints. Our MDR (Managed Detection and Response) service provides around-the-clock eyes on glass, leveraging advanced threat detection rules. This means any suspicious activity (be it an attempted intrusion, malware beacon, or anomalous user behaviour) triggers an alert to our security analysts, any time of day. With 24/7 SOC monitoring and advanced detection, the likelihood of a breach going undetected for long is drastically reduced. Essentially, Gold provides an active defence system that can catch and contain incidents before they escalate, closing the gap where hackers often operate unseen.

At the Gold level, your organisation is assigned a virtual Chief Information Security Officer (vCISO) – a senior security consultant who will oversee your security strategy and governance. This fulfils the need for ongoing strategic guidance and aligns with higher governance controls (like 4.4.0.0 Implement a cybersecurity policy and 4.5.0.0 Incident response plan). The vCISO helps develop and maintain a comprehensive cybersecurity policy document for your organisation, as well as a formal incident response plan, meeting those Gold requirements. They also conduct regular security reviews, facilitate risk assessments, and ensure continuous improvement of your security posture. Additionally, we include GRC (Governance, Risk, Compliance) tooling such as the MyCISO platform to track policies, controls, and audits. This ensures security isn’t a one-time project but an ongoing programme that evolves with new threats and compliance needs. With a vCISO and GRC support, you effectively have a seasoned security leader steering your programme – without needing to hire one in-house.

Gold augments endpoint security by deploying next-gen endpoint protection (EDR/XDR) across all devices, configured with enterprise-grade policies. If a zero-day vulnerability or novel malware strain appears, our systems receive updated detection signatures or rules as the vendor releases them, typically within hours. On the network side, Gold can include managed Intrusion Detection/Prevention Systems (IDS/IPS) and cloud firewalls for your critical servers or cloud workloads. We may use advanced firewall features or cloud security services to detect intrusions or DDoS attacks at the perimeter. All of these feed into the SIEM for unified monitoring. Combined, these measures substantially reduce cybersecurity blind spots by covering endpoint, network, and cloud attack vectors together.

Given many Gold-tier clients use cloud infrastructure, we include enhanced cloud security configuration and monitoring. This means implementing secure cloud configurations (for AWS/Azure/GCP or SaaS apps) and continuously scanning for misconfigurations or exposed credentials. For instance, we set up alerts for leaked cloud credentials: if a developer’s AWS key were accidentally exposed, our system would detect it within hours and our team would help you rotate the key immediately and review what it was used for in the meantime. We also enforce Zero Trust remote access: Remote Desktop Protocol (RDP) is never exposed directly to the internet and is used only over a secure VPN, or not at all (fulfilling 2.7.0.0, which requires RDP to be restricted to VPN), and the VPN itself has strong MFA and logging. We lock down all cloud admin consoles with MFA and integrate them with your identity provider, aligning with Gold’s MFA on all business applications control.
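Two of the checks described above, detecting an AWS access key that has ended up in a file and verifying that RDP is reachable only from the VPN range (control 2.7.0.0), as an added example. This is illustrative code written for this page, not CyberGrape’s scanner; the settings file, the simplified firewall-rule schema (from_port/to_port/cidr/proto), the rule names and the 10.8.0.0/24 VPN range are constructed assumptions, and the key values are the placeholder credentials from AWS documentation, not live secrets.

```python
"""Two cloud-hygiene checks: spotting an AWS access key in text, and
checking that inbound RDP (TCP/3389) is allowed only from the VPN range.

Added example for this page; not CyberGrape's scanner. The sample settings
file, the rule schema and the 10.8.0.0/24 VPN range are assumptions. The
key values are the placeholder credentials from AWS documentation.
"""
import ipaddress
import re

# AWS access key IDs: 20 chars starting AKIA (long-term) or ASIA (temporary).
ACCESS_KEY_ID_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# A 40-character secret assigned to the secret-key variable; the ID alone is
# not a credential, the secret beside it is what an attacker needs.
SECRET_KEY_RE = re.compile(
    r"(?i)aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

# Constructed sample: a developer's settings file committed by mistake.
SAMPLE_SETTINGS = """\
# app settings
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DB_HOST=db.internal
"""


def find_exposed_aws_keys(text):
    """Return the access key IDs and secret keys found in `text`."""
    return {
        "access_key_ids": ACCESS_KEY_ID_RE.findall(text),
        "secret_access_keys": SECRET_KEY_RE.findall(text),
    }


# Constructed inbound rules in a simplified security-group shape.
SAMPLE_RULES = [
    {"name": "rdp-any", "proto": "tcp", "from_port": 3389, "to_port": 3389, "cidr": "0.0.0.0/0"},
    {"name": "rdp-vpn", "proto": "tcp", "from_port": 3389, "to_port": 3389, "cidr": "10.8.0.0/24"},
    {"name": "rdp-office", "proto": "tcp", "from_port": 3389, "to_port": 3389, "cidr": "198.51.100.0/24"},
    {"name": "all-tcp-any", "proto": "tcp", "from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"},
    {"name": "https", "proto": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
]

RDP_PORT = 3389
VPN_RANGES = ["10.8.0.0/24"]   # assumed VPN client address pool


def _rule_allows_rdp(rule):
    """True if the rule's protocol and port range cover TCP/3389."""
    proto_ok = str(rule["proto"]).lower() in ("tcp", "-1", "all")
    return proto_ok and rule["from_port"] <= RDP_PORT <= rule["to_port"]


def rdp_rule_violations(rules, vpn_ranges=VPN_RANGES):
    """Return (rule name, reason) for every rule that exposes RDP to a source
    outside the VPN ranges. An empty list means the rules meet 2.7.0.0."""
    vpns = [ipaddress.ip_network(r) for r in vpn_ranges]
    violations = []
    for rule in rules:
        if not _rule_allows_rdp(rule):
            continue
        src = ipaddress.ip_network(rule["cidr"], strict=False)
        if src.prefixlen == 0:
            violations.append((rule["name"], "RDP open to the whole internet"))
        elif not any(src.version == v.version and src.subnet_of(v) for v in vpns):
            violations.append((rule["name"], f"RDP allowed from non-VPN source {src}"))
    return violations


if __name__ == "__main__":
    print("credential hits:", find_exposed_aws_keys(SAMPLE_SETTINGS))
    for name, reason in rdp_rule_violations(SAMPLE_RULES):
        print(f"VIOLATION {name}: {reason}")
```

Note that the wide "all-tcp-any" rule is caught even though it never mentions port 3389: checking the port range rather than matching on the literal port is what makes the test meaningful against real rule sets. A key-ID hit on its own is a lead rather than a confirmed leak, which is why the check reports IDs and secrets separately.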

Gold clients benefit from a proactive vulnerability scanning and remediation process. We conduct regular internal vulnerability scans on servers and workstations, and external scans on your internet-facing assets (external scanning is formally a Platinum requirement, but we begin it at Gold to strengthen your posture early). Any critical patches or misconfigurations found are addressed promptly, in line with the 14-day window required for critical updates on servers (1.6.0.0). This practice keeps your systems consistently hardened against known exploits and shortens the window of exposure.

Building on Silver’s basic tools, Gold fulfils 5.1.0.0 by implementing a full cybersecurity awareness training programme for all employees. We deliver ongoing training and phishing simulation campaigns (using platforms like usecure or Proofpoint Security Awareness). Staff receive interactive training modules throughout the year and periodic simulated phishing emails. Over time, this programme significantly improves employees’ vigilance, as evidenced by a marked drop in click rates on test phishing attempts and increased reporting of real suspicious emails. By Gold tier, security awareness becomes ingrained in your company culture, turning your people into an effective first line of defence rather than a weakness.

Gold includes maintaining a Digital Asset Register (an inventory of all critical IT assets and data stores), fulfilling control 4.8.0.0. We use this register to ensure backups, patches, and security measures cover all important systems. We also ensure secure disposal of data and devices: implementing policies for secure destruction of sensitive documents and proper wiping or destruction of any device that is retired (fulfilling 4.6.0.0 and 4.7.0.0). At this tier, every aspect of IT operations is viewed through a security lens, from onboarding a new asset to decommissioning old equipment, to leave no gaps.

In the event of an incident, Gold provides a detailed incident response plan (developed by the vCISO) and the resources to execute it. If something goes wrong, our team plus partners like Arctic Wolf are on hand to contain and remediate. We also ensure your backups are not just in place but tested: as per Gold control 3.1.1.0, backups are verified for recoverability at least annually. This means you can trust that in a crisis, systems can be restored with minimal downtime. The combination of strong preventive measures and a rehearsed response plan gives you true cyber resilience.

CyberGrape will get your business SMB1001 (Tier 3) Cyber Certified.

For businesses with a high risk profile or in compliance-heavy industries, the CyberGrape Enterprise-Grade Security (Level 3) package provides the advanced measures those environments require.

Implementing this package positions your organisation to successfully achieve CyberCert SMB1001 Gold Level 3 certification, demonstrating to clients, partners, and insurers that you meet recognised security standards. Certification also provides third-party assurance and a publicly verifiable record of your commitment to responsible cyber risk management.


Schedule a discovery call

Don’t Wait for a Breach. Take Control of Your Cyber Risk Now.

Lock down your business with proactive, proven, certified cyber defence

Contact Us

Considering a different Tier of certification?

CyberGrape can support your business in other tiers of the SMB1001 certification

Bronze

Silver

Platinum

Diamond