Defence Cyber Certification
Secure your position in the UK defence supply chain. Periculo guides you through Level 0 and Level 1 DCC, ensuring compliance with DEF STAN 05-138.



Why Defence Cyber Certification?
DCC is more than just a requirement; it's a strategic advantage for your business.
Streamlined Compliance
Replaces the need for repetitive "Per Contract" Supplier Assurance Questionnaires (SAQs), saving you time and administrative effort.
3-Year Validity
Once certified, your DCC status is valid for 3 years (subject to annual attestation), providing long-term stability for your contracts.
Competitive Edge
Early adoption of DCC demonstrates your commitment to national security, positioning you as a trusted supplier for future tenders.
What is Defence Cyber Certification?
The Defence Cyber Certification (DCC) is the Ministry of Defence's new framework for supplier cyber assurance. Developed in partnership with IASME, it replaces the previous "per-contract" self-assessments with a robust, whole-organisation standard.
It assesses your entire organisation's ability to withstand cyber threats, covering not just IT systems but also Operational Technology (OT), physical security, and personnel.
Certification Levels
Periculo is authorised to certify organisations for Level 0 and Level 1, with Levels 2 and 3 coming in 2026.
| Feature | Level 0 | Level 1 | Level 2 | Level 3 |
|---|---|---|---|---|
| Risk Profile | Very Low | Low / Moderate | Moderate / High | High / Critical |
| Focus | Basic Cyber Hygiene | Enhanced Organizational Security | Advanced Security & Assurance | Highest Assurance / Mission Critical |
| Controls | 3 Key Controls | 101 Comprehensive Controls | Expanded Control Set | Full / Highest Control Set |
| Prerequisite | Cyber Essentials (Basic) | Cyber Essentials (Basic) | Cyber Essentials Plus | Cyber Essentials Plus + Evidence Pack |
| Assessment Type | Self-Assessment + Review | Self-Assessment + Review | Assessment + Validation | Independent Assessment |
Choose Your Path to Compliance
Periculo supports you whether you are ready for an audit or need help getting there.
(Note: As an accredited Certification Body, we maintain strict separation of duties. We cannot audit work we have implemented.)
Periculo as Your Auditor
For organisations ready for certification
As an official IASME Certification Body, we conduct the formal assessment to certify your organisation against DEF STAN 05-138.
Periculo as Your Implementer
For organisations needing guidance & support
Our expert consultants work alongside your team to build the governance, policies, and controls required for compliance.
DCC Managed Service
Achieving compliance is just the start. Maintaining it is the challenge. Our DCC Managed Service acts as your external security compliance team, ensuring you remain audit-ready 365 days a year.
Why Choose Managed Service?
Your Path to Certification
We don't just do audits; we can manage your certification. Our team guides you through every step of the journey.
Readiness Assessment
We review your current policies and controls to establish a baseline against DEF STAN 05-138.
Gap Analysis
We identify exactly where improvements are needed and provide a practical roadmap for remediation.
Implementation
Our experts help you prepare the necessary evidence and documentation to demonstrate compliance.
Certification
We conduct the final assessment and, upon success, issue your official DCC certificate.
We had a great experience working with Periculo for our Cyber Essentials Plus certification. From the very beginning, their team was incredibly responsive, supportive, and approachable, which made the preparation phase smooth and efficient.
They were always available to answer our questions, clarify requirements, and help us feel fully prepared before the audit. When it came time for the actual audit, the process was handled with impressive professionalism and thoroughness, giving us full confidence in their assessment.
Highly recommended for any organization looking for a dependable and knowledgeable partner for cybersecurity certifications.
FAQs
What is the difference between DCC and Cyber Essentials?
Cyber Essentials focuses specifically on internet-connected IT infrastructure. DCC is broader, covering the "whole organization," including air-gapped systems, physical security, OT, and HVAC systems that are essential for operations.
Do I need Cyber Essentials Plus for Level 1?
No, Level 0 and Level 1 require a valid Cyber Essentials (Basic) certificate. Level 2 and Level 3 require Cyber Essentials Plus.
What happens if I fail the assessment?
If you don't meet the requirements, Periculo will provide feedback on the areas that need improvement. You can address these gaps and resubmit your application.
How long does a certification last?
DCC certification is valid for 3 years, subject to an annual check-in to ensure continued compliance.
Would an assessor be able to implement and audit my DCC certification?
No. To maintain impartiality and accreditation standards, the same individual or team cannot both implement the controls and perform the certification audit. However, Periculo can provide separate teams for these services, or you can choose us for one specific role.
What happens if I fail the assessment?
If gaps are identified during the assessment, you will be provided with a report detailing the non-compliances. You will typically have a remediation period to address these issues before a re-assessment is conducted.
Does DCC apply to my subcontractors?
How does DCC differ from ISO 27001?
While ISO 27001 is a broad international standard for information security management, DCC is a specific UK Ministry of Defence framework. DCC is prescriptive about certain controls (like Cyber Essentials) and is mandatory for defence contracts, whereas ISO 27001 is often voluntary or industry-specific.
What is the cost of certification?
Costs vary depending on the size of your organization and the certification level (Level 0 vs Level 1). Level 0 is generally lower cost due to the smaller control set. Contact Periculo for a tailored quote based on your specific organisational scope.
What is the "Scope" of the certification?
Unlike previous standards that could be limited to a specific contract, DCC typically applies to the "Whole Organisation" or at least the entire specific business unit handling MOD data. This ensures a baseline of security across your entire corporate environment.
How long does the assessment take?
For Level 1, once you have submitted your self-assessment and evidence, the review process by Periculo typically takes 1-3 days, depending on the complexity and quality of the submission. We aim for a fast turnaround to keep your contract bids on track.
Still Have Questions?
Have a call with our founder or one of our team to put together a free action plan.