what is SMB1001

Why SMB1001 Gold Level

What you’ll learn
1) How to build an SMB-ready cybersecurity policy set (and make it usable)
2) Incident response planning: what to do before, during, and after an attack
3) Running effective cybersecurity awareness training (that changes behaviour)
4) Asset control and secure lifecycle: knowing what you have and retiring it safely

Requirements
none

Description
What is SMB1001SMB1001 Gold Level (SMB1001:2026)OverviewThe SMB1001 Gold Level course is designed for small and medium businesses ready to move beyond basic technical controls and embed cybersecurity into everyday business operations. At Gold level, the focus shifts to establishing the policies, training, and incident response planning needed to consistently manage cyber risk—not just react to problems as they occur.The 5 LevelsEach level builds on the one before it, so you can improve your security step-by-step—without trying to do everything at once.Bronze: Essential basics like antivirus, backups, and reliable IT supportSilver: Stronger access controls, including MFA and password managersGold: Formal policies, staff training, and incident response planning to manage riskPlatinum: Added assurance with vulnerability scans, cyber insurance, secure remote access, and auditsDiamond: Advanced protections such as encryption, zero-trust controls, and real-time monitoringThe 5 PillarsAll SMB1001 controls fit within these five key areas:Technology: Firewalls, patching/updates, and secure devicesAccess: Managing who can access systems and how they log inBackup & Recovery: Restoring data and operations when things go wrongPolicies & Processes: Clear rules, governance, and accountabilityEducation & Training: Building staff awareness to prevent costly mistakesGold builds on the earlier SMB1001 levels (Bronze and Silver) by formalising how your organisation governs security, prepares staff, and documents critical assets and processes.Who this is forThis course suits businesses that already have fundamental protections in place (e.g., managed IT support, backups, MFA/password practices) and now need to:Introduce clear cybersecurity policies and processesBuild a security-aware culture through staff trainingCreate a structured, repeatable incident response approachImprove operational control via an asset register and secure lifecycle practicesWhat you’ll learn (Gold outcomes)By the end of the course, participants will be able to implement and maintain key SMB1001 Gold requirements, including:Cybersecurity policies that define expectations, responsibilities, and acceptable practicesA practical incident response plan (what to do before, during, and after a cyber incident)A repeatable cybersecurity awareness training approach for staffSecure device disposal procedures to reduce data leakage risk from retired equipmentA digital asset register to track and protect business systems, accounts, and data locationsDelivery focus (practical implementation)Participants will work toward producing “ready-to-use” business artefacts aligned to SMB1001 Gold, such as:Policy templates adapted to their business operationsAn incident response playbook with roles, steps, and escalation pathsA training planAsset register structure and ownership modelMinimum standards for device disposal and evidence tracking

Who this course is for
This course is for any business owner who wants to strengthen cybersecurity in their workplace.