Defence Cyber Certification

If gaps are identified during the assessment, you will be provided with a report detailing the non-compliances. You will typically have a remediation period to address these issues before a re-assessment is conducted.

Yes. The requirements of DEF STAN 05-138 must be "flowed down" through the supply chain. If you subcontract work that involves MOD identifiable information, you are responsible for ensuring your suppliers also hold the appropriate level of DCC certification.

While ISO 27001 is a broad international standard for information security management, DCC is a specific UK Ministry of Defence framework. DCC is prescriptive about certain controls (like Cyber Essentials) and is mandatory for defence contracts, whereas ISO 27001 is often voluntary or industry-specific.

Costs vary depending on the size of your organization and the certification level (Level 0 vs Level 1). Level 0 is generally lower cost due to the smaller control set. Contact Periculo for a tailored quote based on your specific organisational scope.

Unlike previous standards that could be limited to a specific contract, DCC typically applies to the "Whole Organisation" or at least the entire specific business unit handling MOD data. This ensures a baseline of security across your entire corporate environment.

For Level 1, once you have submitted your self-assessment and evidence, the review process by Periculo typically takes 1-3 days, depending on the complexity and quality of the submission. We aim for a fast turnaround to keep your contract bids on track.