Defence Cyber Certification

Register Interest
Need Cyber Essentials?

Defence Cyber Certification (DCC)

Following the recent launch of the Defence Cyber Certification (DCC), a new cyber security certification framework to enhance the cyber resilience of the UK’s defence supply chain, we have seen significant interest in how organisations can become certified.

Currently, the scheme remains in its pilot phase, with the official launch of Level 0 expected in the coming months. Once this becomes available, we’ll update you on how Indelible Data can help with certification.

We are already trusted by many defence companies to deliver Penetration Testing and Cyber Essentials.

About Defence Cyber Certification

What is DCC?

A comprehensive cyber security certification for UK defence suppliers, developed by the MoD & IASME. It assures organisational cyber resilience and aids in MOD procurement.

Four Levels of Assurance

The scheme includes Levels 0 to 3. All levels require Cyber Essentials, and Levels 2 and 3 also require Cyber Essentials Plus. The number of controls increases with each level, from 3 at Level 0 to 144 at Level 3, aligning with the risk and complexity of the contract.

Three-Year Certification & Annual Renewal

DCC is valid for three years with annual attestation and Cyber Essentials (or Plus) re-certification to maintain assurance

Register your Interest

Register Interest

Client Testimonials

Our Technical Security Audit by Indelible Data was effective and the comprehensive report could be understood by colleagues at all levels within the organisation

Achieving Cyber Essentials Plus and utilising the Penetration testing service offered by Indelible Data has not only given internal stakeholder confidence of our security posture but also provides assurance to a UK recognised benchmark of Cyber Security to our existing and potential customers. Meeting this trusted standard for Cyber Security can be seen as an business enabler and has provided us greater opportunities to not only tender for potential new contracts but also deepen relationships with existing customers.

“The whole team at Indelible Data has been professional, knowledgeable, and prompt, working with us to ensure we meet our deadlines for certification.”

“We’ve been a customer of Indelible Data for 13 years due to the consistent high-quality service. Their commitment to delivering reliable support and exceeding expectations during our Cyber Essentials Plus certification has earned our trust year after year.”

Indelible Data works with us to maintain compliance, consistently offering friendly and helpful insight and expertise both in the field of cyber security and in its understanding of Cyber Essentials and Cyber Essentials Plus frameworks.

Indelible Data has consistently delivered excellent support in securing our system landscape with its professional approach to our annual Cyber Essentials Plus audit and monthly vulnerability scanning year after year

We’ve used Indelible Data for our Cyber Essentials certification two years in a row, their expertise has made certification straightforward and consistently professional each time.

Your Trusted Partner for Defence Cyber Certification

Defence Cyber Certification (DCC) is an essential requirement for suppliers working with the UK Ministry of Defence. It helps demonstrate your organisation’s ability to protect sensitive information and manage cyber risks effectively. With requirements scaled to the nature of your defence contracts, DCC ensures the right level of assurance without unnecessary complexity.

Indelible Data will aim to support you through every stage of the process – from understanding the requirements to closing any security gaps. Whether you’re starting fresh or building on an existing Cyber Essentials certification, our experienced team always provides clear guidance, document support, and expert advice to help organisations with critical compliance.

Frequently Asked Questions

The MOD decides whether DCC is required for a specific contract. However, any organisation can apply for DCC at any time, regardless of whether they currently work with the MOD.

The MOD assigns the required level based on the nature of the contract. You can still choose to certify at any level even if you are not yet working on a MOD project.

Costs vary depending on your organisation’s size, the DCC level, and how prepared you are. Certification Bodies provide quotes based on your specific needs.

Certification is valid for three years. You must confirm annually that there have been no significant changes, and renew Cyber Essentials (or Plus) each year.

Yes. Cyber Essentials is mandatory for all DCC levels. Cyber Essentials Plus is additionally required for Levels 2 and 3.

  • Level 0: Entry-level with 3 controls, for contracts with very low cyber risk.
  • Level 1: Basic assurance with 101 controls, for low to moderate risk.
  • Level 2: Advanced security with 139 controls, for high-risk environments.
  • Level 3: The highest level with 144 controls, for very high-risk work.

Certification is required when specified in your MOD contract. However, you can pursue certification in advance to prepare for future opportunities.

Yes. We can offer support such as readiness assessments and policy reviews. We cannot, however, implement controls for you.

Yes. All core parts of the business relevant to your defence work must be in scope. The certification will clearly state what is covered.

The DCC scheme was developed by the Ministry of Defence in partnership with IASME to ensure suppliers meet appropriate cyber security standards based on the sensitivity of their work.

Our Certifications

Client logo
Client logo
Client logo
Client logo
Client logo
Client logo

Register Your Interest

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.