Defence Cyber Certification

Defence Cyber Certification

DCC assessment and certification for organisations in the Ministry of Defence supply chain. Delivered by an accredited DCC Certification Body.

If your organisation needs to complete a supplier assurance questionnaire (SAQ) to bid on contracts, has been told that Defence Cyber Certification is a contractual requirement, or had a prime contractor ask you to demonstrate MOD supply chain cyber security compliance, we can help.

Defence Cyber Certification (DCC) provides an organisation level assurance that can be presented to support the procurement process. It’s designed to align with DEFSTAN 05-138 i4 and is available in four levels. RB Consultancy Ltd is an accredited DCC Certification Body and Remo Belisari is a qualified DCC Assessor for Levels 0 and 1.

Framework

What Is Defence Cyber Certification?

DCC is a comprehensive security framework for defence suppliers. It provides a structured and consistent approach to understanding and assessing DEFSTAN 05-138 Issue 4 compliance. The certification involves a point in time assessment based on a number of required security controls. The four levels align with a cyber risk profile. An organisation’s required level can relate to the sensitivity of the information it handles and the nature of its contracts. The higher the level, the higher number of security controls are required.

How DCC Relates to the Cyber Essentials scheme?

Cyber Essentials is the foundation for all levels. Cyber Essentials Plus is required for Levels 2 and 3. Every organisation pursuing DCC certification must first hold a valid Cyber Essentials certificate. DCC builds on that baseline with defence-specific controls and requirements. As an accredited certification body for both Cyber Essentials and DCC, RB Consultancy Ltd can manage both programmes in a coordinated way, which can be much more efficient than treating them as separate exercises through different certification bodies.

The Benefits of Working with the Same Certification Body

Working with the same certification body brings greater efficiencies. You’re more easily able to align on scope. There’s familiarity of the environment through each assessment. You’ll get consistency from a technical and assessment perspective. You’ll also save time on your procurement processes, with communication and management time being streamlined too.

Who Benefits from DCC Certification?

Three categories of organisation see the strongest benefit from holding a DCC certificate.

MOD supply chain contractors

If you supply to the MOD or sub-contract for a prime, DCC reduces the overhead of responding to Supplier Assurance Questionnaires. It also demonstrates that your security controls are in place, based on audit and not just self-attestation.

Organisations bidding for defence contracts

DCC certification is increasingly being asked for. Arriving at tender with DCC already in place could position you ahead of competitors and provide positive signals to procurement teams and the MOD.

Prime contractors managing suppliers

Primes with obligations to manage the cyber security of their sub-contractors can determine the certification level appropriate for each. If you are a prime with supply chain DCC requirements, we can support you and your suppliers.

MOD supplier?

DCC certification, end-to-end with one body.

We are accredited for DCC Level 0 and Level 1 and an accredited Cyber Essentials body. Both can run as one coordinated programme.

how we help

DCC certification, end-to-end with one body

Five things that make working with RB Consultancy on DCC straightforward, from scoping through to certification.

01

Implementation or Assessment

As an IASME Certification Body for DCC Level 0 and 1, we provide assessment services and have the skills and experience to advise on implementation. Arrange a discovery call to determine which role you would like us to take.

02

Level 0 and Level 1

We are backed by IASME to assess and certify organisations to Level 0 and 1 of the DCC scheme.

03

ChCSP, CISSP and ISO 27001 lead assessor

Our lead Assessor holds CISSP, Chartered Cyber Security Professional status and is an ISO 27001 lead implementer. These are key differentiators for clients looking for genuine competence, ethics and professional judgement.

04

Theoretical and practical scoring for Level 1

We review your Assessment Submission Record, evidence and scoping statement to give you a starting position via theoretical scoping, then proceed to practical scoring with clarification rounds in between.

05

Assessment and certification under one roof

As an accredited DCC Certification Body and qualified DCC Assessor, we carry out the assessment and issue the certification directly. You are working with one organisation start to finish.

"It was an absolute delight to work with RB Consultancy to obtain our Defence Cyber Certificate. They were extremely professional and helpful, and made the DCC process straightforward with no hassle. Moreover, they went above and beyond to ensure we were fully prepared so that the assessment itself was stress-free and we knew exactly what to expect. We already used RB Consultancy for our Cyber Essentials Plus and Cyber Assurance certifications, and this will be one more that we will be happy to use RB Consultancy for."
Director
UK cyber security consultancy
Client reviews

What our clients say

All reviews are independently verified on Google.

Remo guided us clearly at every step, making what initially seemed complex very easy to understand. Their friendly and approachable manner made the whole experience stress-free. Highly recommend.

I
Imran Shah
Verified client

It felt less like working with a consultant and more like having a trusted partner invested in our success. We passed both assessments smoothly and with confidence.

H
Haroon Khan
Multifleet Vehicle Management Ltd

A subject matter expert who efficiently identified issues and provided the right level of support to achieve certification well within timescales.

M
Marten Cox
Defence Sector

The process was very smooth sailing and the advice was invaluable. Highly recommend, and I would happily work with RB Consultancy Ltd again.

L
Lydia Carrick
Health and AI Sector

They made what initially seemed complex very easy to understand. Highly recommend their services to anyone looking for expert and reliable Cyber Essentials support.

I
Imran Shah
Verified client

Excellent service. Very professional, very thorough — exactly what we needed to get over the line on our Cyber Essentials Plus assessment.

V
Verified Google Review
Reviews on Google

Remo guided us clearly at every step, making what initially seemed complex very easy to understand. Their friendly and approachable manner made the whole experience stress-free. Highly recommend.

I
Imran Shah
Verified client

It felt less like working with a consultant and more like having a trusted partner invested in our success. We passed both assessments smoothly and with confidence.

H
Haroon Khan
Multifleet Vehicle Management Ltd

A subject matter expert who efficiently identified issues and provided the right level of support to achieve certification well within timescales.

M
Marten Cox
Defence Sector

The process was very smooth sailing and the advice was invaluable. Highly recommend, and I would happily work with RB Consultancy Ltd again.

L
Lydia Carrick
Health and AI Sector

They made what initially seemed complex very easy to understand. Highly recommend their services to anyone looking for expert and reliable Cyber Essentials support.

I
Imran Shah
Verified client

Excellent service. Very professional, very thorough — exactly what we needed to get over the line on our Cyber Essentials Plus assessment.

V
Verified Google Review
Reviews on Google

The process was very smooth sailing and the advice was invaluable. Highly recommend, and I would happily work with RB Consultancy Ltd again.

L
Lydia Carrick
Health and AI Sector

They made what initially seemed complex very easy to understand. Highly recommend their services to anyone looking for expert and reliable Cyber Essentials support.

I
Imran Shah
Verified client

Excellent service. Very professional, very thorough — exactly what we needed to get over the line on our Cyber Essentials Plus assessment.

V
Verified Google Review
Reviews on Google

Remo guided us clearly at every step, making what initially seemed complex very easy to understand. Their friendly and approachable manner made the whole experience stress-free. Highly recommend.

I
Imran Shah
Verified client

It felt less like working with a consultant and more like having a trusted partner invested in our success. We passed both assessments smoothly and with confidence.

H
Haroon Khan
Multifleet Vehicle Management Ltd

A subject matter expert who efficiently identified issues and provided the right level of support to achieve certification well within timescales.

M
Marten Cox
Defence Sector

The process was very smooth sailing and the advice was invaluable. Highly recommend, and I would happily work with RB Consultancy Ltd again.

L
Lydia Carrick
Health and AI Sector

They made what initially seemed complex very easy to understand. Highly recommend their services to anyone looking for expert and reliable Cyber Essentials support.

I
Imran Shah
Verified client

Excellent service. Very professional, very thorough — exactly what we needed to get over the line on our Cyber Essentials Plus assessment.

V
Verified Google Review
Reviews on Google

Remo guided us clearly at every step, making what initially seemed complex very easy to understand. Their friendly and approachable manner made the whole experience stress-free. Highly recommend.

I
Imran Shah
Verified client

It felt less like working with a consultant and more like having a trusted partner invested in our success. We passed both assessments smoothly and with confidence.

H
Haroon Khan
Multifleet Vehicle Management Ltd

A subject matter expert who efficiently identified issues and provided the right level of support to achieve certification well within timescales.

M
Marten Cox
Defence Sector
The knowledge base

Frequently Asked Questions

If you cannot find the answer you are looking for, ask us and we will walk you through it.

Yes. DCC implementation can be carried out as well as Assessment, but not both for the same organisation. Let’s have a conversation about what’s best for your organisation and how best we can help.

The scope should be whole organisation and must include all processes, systems and business parts that are required for the business to function and deliver in a secure and resilient manner.

The standard is intentionally broad, ensuring that a supplier organisation, irrespective of any controls required for a specific contracted output, has the appropriate minimum levels of controls in place for the level of risk to which that supplier organisation is expected more generally.

‘Functions’ are high level groupings of business activities that are essential for ongoing operations and any specific activities related to delivering contracted outputs. This is important for DCC as it helps determine what to focus on for the controls.

‘Data’ encompasses any information generated, stored or handled by the supplier in support of its functions.

Cyber Essentials is the government-backed baseline scheme covering five technical controls — it relates to the protection of common forms of internet based threats. DCC builds on that baseline with additional controls, governance requirements and assessment criteria specific to the risk environment of the defence supply chain. Cyber Essentials is a prerequisite for DCC levels 0 and 1. Cyber Essentials Plus is a prerequisite for DCC levels 2 and 3.

Timeline for certification can vary considerably by organisation. Key factors include the level of DCC required, how close an organisation is to meeting the required security controls, the evidence that it has to support it and whether implementation support is required. Let’s have a quick call and we can help you determine the likely timeline for Level 0 and/or Level 1. We also work to flag any issues early, to reduce impact and maximise efficiencies.

Level 0’s normally assigned for very low level of cyber risk to a supplier delivering an output — it requires organisations to demonstrate basic cyber security practices. An applicant must comply with three controls. The first relates to Cyber Essentials. The second relates to UK GDPR. The third relates to resilient networks and systems.

Level 1 is normally assigned for low level cyber risk to a supplier delivering an output — it requires supplier organisations to demonstrate a comprehensive cyber security programme with good practices. There are 101 controls covering areas such as governance, leadership, risk, awareness and training, access management, physical and data security, system resilience, monitoring detection and threat intelligent, incident response and business continuity.

Get started today

Got a DCC Requirement?

Book a free 30-minute call. We will help you understand the certification levels and guide you through the process for Levels 0 and 1.

RB Consultancy shield logo blue

RB Consultancy Ltd

Pioneer House, Pioneer Business Park,
North Road, Ellesmere Port, Cheshire,
CH65 1AD

NCSC Assured Service Provider
IASME Certification Body
Chartered (ChCSP) · CISSP · ISSAP