SMB1001 - Tier 3 (Gold)
Enterprise-Grade Security

Service Description
The Gold tier includes all Silver controls and enhancements, and adds advanced security measures to fulfil Level 3 requirements and provide an enterprise-grade posture.
It meets all SMB1001 tier 1 requirements, making it an ideal starting point for businesses beginning their cybersecurity journey. This tier delivers core security measures – from managed antivirus and firewalls to automated backups – in a simple, cost-effective plan. With Bronze, you gain peace of mind that your business and customer data are safeguarded by industry best practices without the need for in-house IT staff. It helps prevent “low-hanging fruit” attacks that often hit small businesses, at an affordable price point.
Benefits
- All Bronze Benefits
- All Silver Benefits
- Preventing Catastrophic Breaches
- Maintaining Client Trust & Winning Business
- Operational Resilience
- Certified Security
How it Works
Key Controls & Implemented Solutions
To fulfil the SMB1001 Tier 3 (Gold) requirements, the CyberGrape Gold package delivers the technologies and services, mapped to each requirement:
24/7 SOC Monitoring and Threat Detection
Gold introduces continuous Security Operations Centre (SOC) monitoring of your environment, 24×7. We deploy a managed SIEM (Security Information and Event Management) solution that aggregates logs from across your network, servers, cloud services, and endpoints. Our MDR service provides around-the-clock eyes on glass, leveraging advanced threat detection rules. This means any suspicious activity (be it an attempted intrusion, malware beacon, or anomalous user behaviour) triggers an alert to our security analysts, any time of day. With 24/7 SOC monitoring and advanced detection, the likelihood of a breach going undetected for long is drastically reduced. Essentially, Gold provides an active defence system that can catch and contain incidents before they escalate, closing the gap where hackers often operate unseen.
Virtual CISO & Security Governance
At the Gold level, your organisation is assigned a virtual Chief Information Security Officer (vCISO) – a senior security consultant who will oversee your security strategy and governance. This fulfils the need for ongoing strategic guidance and aligns with higher governance controls (like 4.4.0.0 Implement a cybersecurity policy and 4.5.0.0 Incident response plan). The vCISO helps develop and maintain a comprehensive cybersecurity policy document for your organisation, as well as a formal incident response plan, meeting those Gold requirements. They also conduct regular security reviews, facilitate risk assessments, and ensure continuous improvement of your security posture. Additionally, we include GRC (Governance, Risk, Compliance) tooling such as the MyCISO platform to track policies, controls, and audits. This ensures security isn’t a one-time project but an ongoing programme that evolves with new threats and compliance needs. With a vCISO and GRC support, you effectively have a seasoned security leader steering your programme – without needing to hire one in-house.
Advanced Endpoint & Network Protection
Gold augments endpoint security by deploying next-gen endpoint protection (EDR/XDR) across all devices, configured with enterprise-grade policies. If a zero-day vulnerability or novel malware strain appears, our systems receive updated detection signatures or rules within hours. On the network side, Gold can include managed Intrusion Detection/Prevention Systems (IDS/IPS) and cloud firewalls for your critical servers or cloud workloads. We might leverage advanced firewall features or cloud security services to detect intrusions or DDoS attacks at the perimeter. All these feed into the SIEM for unified monitoring. Combined, these measures virtually eliminate major cybersecurity blind spots – covering endpoint, network, and cloud attack vectors comprehensively.
Cloud Security & Zero Trust Controls
Given many Gold-tier clients use cloud infrastructure, we include enhanced cloud security configuration and monitoring. This means implementing secure cloud configurations (for AWS/Azure/GCP or SaaS apps) and continuously scanning for any misconfigurations or exposed credentials. For instance, we set up alerts for leaked cloud credentials. In one scenario, if a developer’s AWS key got accidentally exposed, our system would detect it within hours and our team would help rotate the keys immediately. We also enforce Zero Trust remote access: ensuring that Remote Desktop Protocol (RDP) is only used through secure VPN or not at all (fulfilling 2.7.0.0 by requiring RDP to be restricted to VPN), and that VPN itself has strong MFA and logging. We lock down all cloud admin consoles with MFA and integrate them with your identity provider, aligning with Gold’s MFA on all business applications control.
Vulnerability Management
Gold clients benefit from a proactive vulnerability scanning and remediation process. We conduct regular internal vulnerability scans on servers and workstations, and external scans on your internet-facing assets (complementing the Platinum requirement, but we begin the process at Gold for internal strengthening). Any critical patches or misconfigurations found are promptly addressed, often within the 14-day window required for critical updates on servers (1.6.0.0). This practice ensures that your systems are consistently hardened against known exploits, reducing the window of exposure.
Security Awareness Training Program
Building on Silver’s basic tools, Gold fulfils 5.1.0.0 by implementing a full cybersecurity awareness training programme for all employees. We deliver ongoing training and phishing simulation campaigns (using platforms like usecure or Proofpoint Security Awareness). Staff receive interactive training modules throughout the year and periodic simulated phishing emails. Over time, this program significantly improves employees’ vigilance – as evidenced by a marked drop in click rates on test phishing attempts and increased reporting of real suspicious emails. By Gold tier, security awareness becomes ingrained in your company culture, turning your people into an effective first line of defence rather than a weakness.
Asset Management & Secure IT Operations
Gold includes maintaining a Digital Asset Register (inventory of all critical IT assets and data stores) fulfilling control 4.8.0.0. We use this register to ensure backups, patches, and security measures cover all important systems. We also ensure secure disposal of data and devices: implementing policies for secure destruction of sensitive documents and proper wiping or destruction of any device that is retired (fulfilling 4.6.0.0 and 4.7.0.0). At this tier, every aspect of IT operations is viewed through a security lens – from onboarding a new asset to decommissioning old equipment – to leave no gaps.
Incident Response & Recovery
In the event of an incident, Gold provides a detailed incident response plan (developed by the vCISO) and the resources to execute it. If something goes wrong, our team plus partners like Arctic Wolf are on hand to contain and remediate. We also ensure your backups are not just in place but tested – as per Gold control 3.1.1.0, backups are verified for recoverability at least annually. This means you can trust that in a crisis, systems can be restored with minimal downtime. The combination of strong preventive measures and a rehearsed response plan gives you true cyber resilience.

CyberGrape will get your business SMB1001 (Tier 3) Cyber Certified.
For businesses with a low risk profile, the CyberGrape Enterprise-Grade Security (Level 3) package provides advanced measures for compliance-heavy industries.
Implementing this package positions your organisation to successfully achieve CyberCert SMB1001 Gold Level 3 certification, demonstrating to clients, partners, and insurers that you meet recognised security standards. Certification also provides third-party assurance and a publicly verifiable record of your commitment to responsible cyber risk management.
Don’t Wait for a Breach. Take Control of Your Cyber Risk Now.
Lock down your business with proactive, proven, certified cyber defence