For many small and medium-sized enterprises (SMEs) looking to enter the Ministry of Defence (MOD) supply chain, cyber security, and which certifications you need, can seem complex.
The Defence Cyber Certification (DCC) scheme is an MOD-required standard, but with multiple levels it can be hard to know where to begin. The answer for most new suppliers is DCC Level 0.
Level 0 is the entry point to the DCC scheme, designed for contracts with a very low assessed cyber risk. It provides a foundational layer of security that demonstrates your commitment to protecting data and positions you for future growth within the defence sector.
Here we will explain what Level 0 is, who it is for, and the first steps you need to take to prepare for your assessment.
DCC Level 0 is the first level on the DCC ladder. It requires organisations to demonstrate compliance with a small, manageable set of three core security controls that go beyond the mandatory Cyber Essentials certification. It is designed to be an accessible entry point for suppliers, ensuring a baseline of good practice without the extensive overhead of the higher levels.
Preparing for Level 0 involves focusing on three fundamental areas. Getting these right is the key to a successful assessment.
This is the absolute, non-negotiable starting point. You cannot begin your DCC Level 0 assessment without a valid Cyber Essentials (CE) certificate issued by IASME. Cyber Essentials covers the fundamental technical controls required to protect against the most common cyber attacks.
Action: If you do not have Cyber Essentials, this is your first task. Engage with a certification body and complete the assessment.
One of the three core controls of Level 0 is demonstrating compliance with the UK General Data Protection Regulation (GDPR). This is a legal requirement for almost all organisations in the UK, but for DCC, you must be able to prove it.
Action: Review your data protection practices. Ensure you are registered with the ICO, have a privacy policy, and understand what personal data you handle. We will cover the specific evidence required in a later blog.
The final core control relates to the resilience of your networks and systems. In simple terms, this means your ability to withstand and recover from a disruptive incident, like a system failure or data loss.
Action: Review your backup and recovery procedures. Are you backing up your critical data? Have you ever tested your ability to restore it? Having a basic, documented process is essential.
Preparing for DCC Level 0 is a manageable process that sets the stage for your success in the defence supply chain. With this guidance, you can build a solid security posture and approach your assessment with confidence.
Navigating even these initial steps can be challenging if you are new to compliance. Periculo specialises in helping SMEs prepare for Defence Cyber Certification, providing clear, practical guidance every step of the way.