The IT Agency

Menu
Menu
[mobile_menu menu="Mobile Menu" menu-2="Mobile Bottom Menu"]
  • Cyber Security, Compliance

The IT Agency is SMB1001 Gold Certified for cyber security

Summary

  • The IT Agency holds SMB1001 Gold certification under SMB1001:2026, issued by CyberCert
  • Richard Grace, our Director of Cyber Security, sits on the international advisory board for the SMB1001 standard and brings decades of enterprise security experience to the SMB sector
  • Gold requires personal director attestation across 27 controls – SMB1001:2026 raised the bar with new requirements for endpoint detection, DMARC enforcement and AI data governance
  • Businesses pursuing certification can work with a partner that has been through the same process firsthand

The IT Agency is SMB1001 Gold Certified for cyber security

The IT Agency has achieved Gold certification under SMB1001:2026, issued by CyberCert – a formal recognition of the cyber security commitment we have built into our business from day one.

As a Microsoft Solutions Partner serving clients across government, defence, finance and biotech, robust cyber governance has long been core to The IT Agency’s offering. This certification formalises and documents a standard of practice that has always defined how the business operates.

Richard Grace, The IT Agency’s Director of Cyber Security, brings decades of enterprise-level security and risk management experience to the SMB sector and currently sits on the sits on the SMBiT Professionals board, bringing practical tools and solutions to those seeking to secure their business.

Why did The IT Agency pursue SMB1001 Gold certification?

For a managed service provider, holding the same certification recommended to clients is both a credibility and a practical consideration. The IT Agency pursued SMB1001 Gold for two reasons: to ensure every possible step is being taken to protect the business and its clients’ data, and to experience the certification process firsthand in order to guide others through it with confidence.

Working through each control rigorously gave the team a direct understanding of what the framework requires in practice, including where the complexity sits, what preparation looks like and how the attestation process works when done properly. That combination of genuine security commitment and hands-on process knowledge shapes every client conversation about certification.

“Achieving Gold certification means every control we recommend to a client is a control we have implemented and attested to ourselves. That is the standard of accountability we think any credible provider should meet.”

-Richard Grace, Director, Cyber Security, The IT Agency

What does SMB1001 Gold certification require?

SMB1001 is a five-tier cyber security framework built specifically for small and medium businesses. Gold requires personal attestation by the business director across 27 controls spanning technology management, access management, backup and recovery, policies and processes, and education and training.

SMB1001:2026 is more rigorous than previous editions, introducing new requirements for endpoint detection and response, email authentication with DMARC enforcement, AI data governance and expanded third-party obligations. Achieving Gold under this edition means The IT Agency’s cyber governance position has been held to a higher bar than any previous version of the framework.

What does The IT Agency’s SMB1001 certification mean for your business?

Choosing a certified partner matters because the quality of guidance received is directly tied to the experience behind it. Having been through the SMB1001 process firsthand, that knowledge is built into every client engagement at The IT Agency. The team understands where the complexity sits, which requirements call for specialist input and what a properly completed attestation process looks like, making the path to certification clearer and more efficient for the businesses The IT Agency supports.

Contact The IT Agency to discuss your SMB1001 certification pathway. We work with in-house IT teams, external IT partners and MSPs, or directly with your business. Whatever your current setup, we can support you from where you are today.

The IT Agency helps keep businesses connected, protected, productive and supported through cyber governance, compliance, AI and managed IT solutions. As a Microsoft Solutions Partner and SMB1001 Gold Certified MSP, we help businesses simplify IT, implement technology securely and strengthen resilience. Talk to us about building a more secure and future-ready business.

Frequently asked questions

What is SMB1001 Gold certification and who issues it?

SMB1001 is a cyber security framework developed by Dynamic Standards International. Gold is Level 3 of 5 and requires personal director attestation across 27 controls. Certification is issued by CyberCert.

What controls does Gold certification cover?

The 27 controls span five areas: technology management, access management, backup and recovery, policies and processes, and education and training. SMB1001:2026 added new requirements covering endpoint detection and response, DMARC email authentication, AI data governance and third-party obligations.

Does SMB1001 Gold require an independent external audit?

Gold is self-attested by the business director. Independent external audit becomes a requirement from Platinum, which is Level 4, upward.

How do I verify that The IT Agency is currently certified?

Our certification is publicly listed on the CyberCert registry, searchable by business name. You can confirm our certification level, issue date and expiry at any time.