SMB1001 - Tier 4 (Platinum)
Proactive Security & Assurance

Service Description
The Platinum package is designed for organisations that not only want strong internal security, but also need to continuously validate their defences and cover any remaining gaps through external support (such as cyber insurance and third-party oversight).
The Platinum tier includes all Gold features and adds the controls needed to meet Level 4, with a focus on proactive security management and external assurance: Regular Vulnerability Scanning & Penetration Testing (External): We conduct regular scans of all public-facing systems to identify vulnerabilities (fulfilling control 1.7.0.0). This includes scheduled monthly external vulnerability scans of your websites, VPN gateways, cloud endpoints and similar exposed services, using enterprise-grade scanning tools. Any findings (open ports, outdated software, misconfigurations) are promptly remediated by our team in coordination with your IT staff. In effect, we "attack" your systems before real attackers can, closing weaknesses proactively. Additionally, Platinum includes an annual light penetration test: ethical hackers attempt to breach your perimeter and report back any weaknesses found. This exceeds the requirement for regular scanning and provides an extra layer of assurance that critical exposures are found and fixed.
Benefits
- All the benefits of Bronze
- All the benefits of Silver
- All the benefits of Gold
- Ultimate Account Security
- Verified Incident Readiness
- Strategic Partnership and Support
- Higher Trust and Compliance Leverage
- Certified Security
How it Works
Key Controls & Implemented Solutions
To fulfil the SMB1001 Tier 4 (Platinum) requirements, the CyberGrape Platinum package delivers the following technologies and services, mapped to each requirement:
Comprehensive Multi-Factor Authentication Everywhere
At Platinum, multi-factor authentication is non-negotiable on every access point. We ensure MFA is enforced wherever important data is stored (2.9.0.0) and for all remote access methods such as VPN and RDP (controls 2.10.0.0 and 2.11.0.0). In practice, this means that if you use a VPN, it will require MFA; if admins use RDP to access servers, they must first go through an MFA-protected jump host or VPN. Any cloud application or database holding sensitive data must have MFA on its accounts. We implement this using app-based authenticators or hardware tokens rather than SMS codes, which are weak against SIM-swap and interception attacks, in line with best practice. By removing any "MFA gaps", we greatly reduce the risk of a breach via stolen credentials on high-value systems. (Many breaches start from a single account without MFA; Platinum ensures there are no such single-factor accounts in your environment.)
Cloud Credential & Access Management
Platinum addresses control 2.8.0.0, which concerns the management of remote access cloud credentials. We help you implement strict Identity and Access Management (IAM) policies for cloud services: enforcing least privilege for cloud admin roles, using centralised identity federation (linking cloud accounts to your primary corporate identity provider), and securing API keys and SSH keys in a vault. For example, AWS or Azure root account credentials are secured offline and not used for day-to-day work; developers' cloud access keys are rotated regularly and stored securely (not left in plain text on laptops). We document all cloud accounts and ensure any remote access method to cloud resources (such as SSH into VMs) is locked down with keys and MFA and is monitored. This closes a common gap where cloud platforms are overlooked by security programs built around on-premises systems.
Enhanced Backup and Recovery Testing
Building on Gold's backup strategy, Platinum requires a thoroughly robust backup regimen (control 3.1.1.0). We ensure your backup strategy is aligned to your asset register (so all critical assets are covered), with multiple backup locations and at least six months of retention. Importantly, annual disaster recovery testing is included: we perform a test restore of critical systems at least once per year to verify that data can be recovered within an acceptable time. We also implement backup integrity checks and keep offline (or otherwise immutable) backup copies, so that ransomware which tries to delete or encrypt backups cannot reach them. This level of preparedness means that even in a worst-case incident, data loss is minimal and recovery is assured.
Cyber Insurance Guidance and Support
Recognising that even with best efforts incidents can occur, Platinum includes support for obtaining and maintaining a Cyber Insurance policy (fulfilling control 3.2.0.0). Our vCISO will help you navigate the cyber insurance process, from selecting appropriate coverage to ensuring you meet the insurer's security prerequisites (many of which are naturally satisfied by operating at Platinum level). Should an incident happen, we assist with the data and reports needed for claims. Having insurance adds financial protection for response and recovery costs. We integrate your insurance into your security program: treating it as a last-resort safety net, while helping you maximise any premium discounts by demonstrating your security posture (insurers often give better rates if you can evidence regular vulnerability scans, employee training and similar controls, all of which Platinum provides).
Dedicated Security Account Management
At Platinum tier, the relationship is closer. We designate a senior security advisor or technical account manager who meets with you quarterly to review reports, scan results and any incidents. This is an enhancement of the vCISO service, with more face-time and strategic planning. It aligns with control 1.1.1.0, which emphasises having a reliable specialist available for cybersecurity needs. In practice, you have an experienced security professional virtually "on retainer" who knows your environment intimately and can coordinate improvements or incident handling with minimal delay. The SLA for incident response is tightened (for example, immediate acknowledgement and swift on-site support if needed). Platinum means you have a partner deeply invested in your security success, akin to an extension of your own team.
Continuous Compliance & Assurance
We assist in maintaining not just SMB1001 compliance but also readiness for any other standards or client-required audits. For instance, if you need ISO 27001 down the track or have to answer supplier security questionnaires frequently, the Platinum service ensures all evidence (vulnerability scan reports, training records, policy documents) is up to date and readily available. We also include annual security assurance reviews: a comprehensive audit of your security controls against the Platinum requirements, to identify any gaps or areas for improvement. This self-audit approach ensures that when external auditors or clients examine your security, there are no surprises. It is a proactive check that your controls not only exist on paper but are effective and improving continuously.

CyberGrape will get your business SMB1001 (Tier 4) Cyber Certified.
For businesses with a high risk profile or operating in critical sectors, the CyberGrape Proactive Security & Assurance (Level 4) package provides comprehensive controls matched to that exposure.
Implementing this package positions your organisation to successfully achieve CyberCert SMB1001 Platinum Level 4 certification, demonstrating to clients, partners, and insurers that you meet recognised security standards. Certification also provides third-party assurance and a publicly verifiable record of your commitment to responsible cyber risk management.
Don’t Wait for a Breach. Take Control of Your Cyber Risk Now.
Lock down your business with proactive, proven, certified cyber defence