Defence Cyber Certification Logo

Register Interest
Need Cyber Essentials?

Defence Cyber Certification (DCC)

Indelible Data Limited is currently authorised to assess Level 0 submissions and is undergoing the necessary checks and training to deliver all 4 levels in the future.

Defence Cyber Certification (DCC) developed by the UK Ministry of Defence (MOD) and IASME to give UK defence suppliers an organisation-wide cyber security assurance recognised across Defence procurements.

As a UK certification body, we assess and certify your company against the DCC requirements, providing clear scoping, practical readiness support, evidence review and a formal decision you can present to buyers.

Certification is maintained with annual check-ins and full recertification every three years, demonstrating ongoing cyber resilience and helping you stay contract-ready. Speak to our team to scope your assessment and get certified under DCC.

 

About Defence Cyber Certification

Level 0

Low level of cyber risk

  • Requires Cyber Essentials Basic and a further 3 controls that demonstrate the company follows basic cyber security practices.
    • GDPR
    • Data Security Basics
    • Network and System Resilience
DCC Applicant Guide - Level 0

Level 1

Low to moderate level of assessed risk

  • 101 controls used to demonstrate a company follows a comprehensive security programme

 

 

DCC Applicant Guide - Level 1

Level 2

High level of assessed risk

  • 139 controls that requires the company to demonstrate advanced cyber security oversight and planning.
DCC Applicant Guide - Level 2

Level 3

Substantial level of assessed risk

  • 144 controls require the company to demonstrate that it possesses expert level capabilities.
DCC Applicant Guide - Level 3

Ready For Certification?

Cyber Essentials Logo

Don’t already have Cyber Essentials?

Cyber Essentials is a prerequisite for all levels of the Defence Cyber Certification, and Cyber Essentials Plus is mandatory for Levels Two and Three. Ensure you have the appropriate Cyber Essentials certification in place before undertaking your DCC assessment.

Get Cyber Essentials

Defence Cyber Certification (DCC) Logo

Already have Cyber Essentials?

As you hold both Cyber Essentials (and Cyber Essentials Plus if you are certifying for levels two or three), you have satisfied the requirements for proceeding with Defence Cyber Certification. You are now eligible to proceed, take the next step to purchase your Defence Cyber Certification.

Get Defence Cyber Certification

Client Testimonials

Our Technical Security Audit by Indelible Data was effective and the comprehensive report could be understood by colleagues at all levels within the organisation

Achieving Cyber Essentials Plus and utilising the Penetration testing service offered by Indelible Data has not only given internal stakeholder confidence of our security posture but also provides assurance to a UK recognised benchmark of Cyber Security to our existing and potential customers. Meeting this trusted standard for Cyber Security can be seen as an business enabler and has provided us greater opportunities to not only tender for potential new contracts but also deepen relationships with existing customers.

“The whole team at Indelible Data has been professional, knowledgeable, and prompt, working with us to ensure we meet our deadlines for certification.”

“We’ve been a customer of Indelible Data for 13 years due to the consistent high-quality service. Their commitment to delivering reliable support and exceeding expectations during our Cyber Essentials Plus certification has earned our trust year after year.”

Indelible Data works with us to maintain compliance, consistently offering friendly and helpful insight and expertise both in the field of cyber security and in its understanding of Cyber Essentials and Cyber Essentials Plus frameworks.

Indelible Data has consistently delivered excellent support in securing our system landscape with its professional approach to our annual Cyber Essentials Plus audit and monthly vulnerability scanning year after year

We were supported by Indelible Data through Cyber Essentials Plus. All staff were really helpful, all queries answered really swiftly and process made very clear. We knew they were only an email away to help with questions.

Your Trusted Partner for Defence Cyber Certification

Purpose and Scope

Designed to enhance the cyber resilience and security of the UK defence sector’s supply chain, it focuses on overall organisational security, rather than just the systems and data used to deliver a contract, and demonstrates ongoing commitment to improvement. It aligns with international standards and best practices, involving a point-in-time assessment against the UK Defence standard DEFSTAN 05-138i4.

Achieving and maintaining DCC certification signals an organisation’s dedication to cyber resilience, providing verifiable assurance for defence-related bids and contracts.

See SCC Scoping Guide - V1.3 for more details.

Certification Levels

Each level aligns with a Cyber Risk Profile (CRP) level that is assigned to a project by the MOD

Process and Requirements

    • All levels require Cyber Essentials certification; Levels 2 and 3 also need Cyber Essentials Plus.
    • Applicants must show compliance with controls, explain how they meet them, and provide evidence.
    • Supporting documents are available to guide understanding of controls and assessment questions.
    • Re-certification every 3 years; annual check-ins required.
    • Companies can still apply if they are not currently participating in an MOD contract but would need to estimate the level that they may need in the future.
    • No documentation is ever sent to a Certification Body, it is either presented over a screen share session (for the lower levels) and is presented to assessors whilst on site for the higher levels.
    • The company must maintain an evidence record that never needs to leave their systems. See DCC Assessment Submission Record L1-3 - v.1.0for more details.

Engaging with us

  • When you wish to certify, contact us and we will need to know:
    • The company Size
    • Scope
    • Number of Sites
    • Complexity of the Organisation
    • Any clearances required.

 

Frequently Asked Questions

The MOD decides whether DCC is required for a specific contract. However, any organisation can apply for DCC at any time, regardless of whether they currently work with the MOD.

The MOD assigns the required level based on the nature of the contract. You can still choose to certify at any level even if you are not yet working on a MOD project.

Costs vary depending on your organisation’s size, the DCC level, and how prepared you are. Certification Bodies provide quotes based on your specific needs.

Certification is valid for three years. You must confirm annually that there have been no significant changes, and renew Cyber Essentials (or Plus) each year.

Yes. Cyber Essentials is mandatory for all DCC levels. Cyber Essentials Plus is additionally required for Levels 2 and 3.

  • Level 0: Entry-level with 3 controls, for contracts with very low cyber risk.
  • Level 1: Basic assurance with 101 controls, for low to moderate risk.
  • Level 2: Advanced security with 139 controls, for high-risk environments.
  • Level 3: The highest level with 144 controls, for very high-risk work.

Certification is required when specified in your MOD contract. However, you can pursue certification in advance to prepare for future opportunities.

Yes. We can offer support such as readiness assessments and policy reviews. We cannot, however, implement controls for you.

Yes. All core parts of the business relevant to your defence work must be in scope. The certification will clearly state what is covered.

The DCC scheme was developed by the Ministry of Defence in partnership with IASME to ensure suppliers meet appropriate cyber security standards based on the sensitivity of their work.

Our Certifications

Client logo
Client logo
Client logo
Client logo
Client logo
Client logo

Ready For Certification

Ready For Certification

Register your interest

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.