Skip to content
IASME CERTIFICATION BODY

Defence Cyber Certification

Secure your position in the UK Defence supply chain. Periculo guides you through Level 0 and Level 1 DCC, ensuring compliance with DEF STAN 05-138.

DCC is more than just a requirement,
it’s a strategic advantage for your business.

check-1

STREAMLINED COMPLIANCE

This service is designed for startups, scale-ups, and enterprises developing Software as a Medical Device (SaMD) who are looking to enter or expand in the regulated healthcare space.

Clock

3-YEAR VALIDITY

The cost is dependent on the level of support you require. We tailor our services to meet your specific needs, ensuring you get the right balance of guidance and management.

achievement icon

COMPETITIVE EDGE

Holding DCC certification signals to the MOD and prime contractors that your security posture meets defence-grade standards — opening doors to contracts and frameworks that require supplier assurance.

What is Defence Cyber Certification?

BOOK A CALL

The Defence Cyber Certification (DCC) is the Ministry of Defence's new framework for supplier cyber assurance. Developed in partnership with IASME, it replaces the previous "per-contract" self-assessments with a robust, whole-organisation standard.

It assesses your entire organisation's ability to withstand cyber threats, covering not just IT systems but also Operational Technology (OT), physical security, and personnel.

Based on DEF STAN 05-138

Aligned with the latest UK defence standards for cybersecurity.

Requires Cyber Essentials

Builds upon the solid foundation of Cyber Essentials certification.

CERTIFICATION LEVELS

BOOK A CALL

Periculo is authorised to certify organisations for Level 0 and Level 1. With Levels 2 and 3 coming in 2026.

FEATURE
Level 0
Level 1
Level 2
Level 3
Risk Profile
Very Low
Low / Moderate
Moderate / High
High / Critical
Focus
Basic Cyber Hygiene
Enhanced Organizational Security
Advanced Security & Assurance
Highest Assurance / Mission Critical
Controls
3 Key Controls
101 Comprehensive Controls
Expanded Control Set
Full / Highest Control Set
Prerequisite
Cyber Essentials (Basic)
Cyber Essentials (Basic)
Cyber Essentials Plus
Cyber Essentials Plus + Evidence Pack
Assessment Type
Self-Assessment + Review
Self-Assessment + Review
Assessment + Validation
Independent Assessment

Chose Your Path to Compliance

Periculo supports you whether you are ready for an audit or need help getting there.

(Note: As an accredited Certification Body, we maintain strict separation of duties. We cannot audit work we have implemented.)

Periculo as Your Auditor

For organisations ready for certification

As an official IASME Certification Body, we conduct the formal assessment to certify your organisation against DEF STAN 05-138.

  • OFFICIAL LEVEL 0 & LEVEL 1 ASSESSMENTS
  • INDEPENDENT VERIFICATION
  • FAST AUDIT PROCESS
BOOK AUDIT

Periculo as Your Implementer

For organisations needing guidance & support

Our expert consultants work alongside your team to build the governance, policies, and controls required for compliance.

  • GAP ANALYSIS & READINESS ASSESSMENT
  • POLICY WRITING & CONTROL IMPLEMENTATION
  • DCC MANAGED SERVICE (ONGOING SUPPORT)
EXPLORE CONSULTANCY

DCC Managed Service

We provide comprehensive cybersecurity solutions to the defence sector, helping organizations meet the stringent requirements of the Defence Cyber Scheme and other government standards. Our services include supplier assurance, securing sensitive data, and ensuring the resilience of critical defence infrastructure. We help you navigate the complexities of defence procurement and maintain a robust security posture in an ever-evolving threat landscape.

Why choose Managed Service?

right-arrow

EXPERTISE ON DEMAND

Access to senior cyber security consultants without the headcount cost.

right-arrow

RISK REDUCTION

Access to senior cyber security consultants without the headcount cost.

right-arrow

SIMPLIFIED AUDIT

Access to senior cyber security consultants without the headcount cost.

PRICING

Managed Service from

£3,000

Per Month

ENQUIRE ABOUT MANAGED SERVICE

Your Path To Certification

We don’t just do audits; we can manage your certification. Our team guides you through every step of the journey.

01

Readiness Assessment

MEETING REGULATORY REQUIREMENTS AND MAINTAINING CONFIDENCE IN YOUR SECURITY POSTURE.

02

Gap Analysis

MEETING REGULATORY REQUIREMENTS AND MAINTAINING CONFIDENCE IN YOUR SECURITY POSTURE.

03

Implementation

Our experts help you prepare the necessary evidence and documentation to demonstrate compliance.

04

Certification

We conduct the final assessment and, upon success, issue your official DCC certificate.

Testimonials

We had a great experience working with Periculo for our Cyber Essentials Plus certification. From the very beginning, their team was incredibly responsive, supportive, and approachable, which made the preparation phase smooth and efficient.

They were always available to answer our questions, clarify requirements, and help us feel fully prepared before the audit.

NASSOS KATSAMANIS // AUXILIS.AI

FAQ’s

What is the difference between DCC and Cyber Essentials? minus-icon

Cyber Essentials focuses specifically on internet-connected IT infrastructure. DCC is broader, covering the "whole organization," including air-gapped systems, physical security, OT, and HVAC systems that are essential for operations.

Do I need Cyber Essentials Plus for Level 1? plus-icon
What happens if I fail the assessment? plus-icon
How long does a certification last? plus-icon
Would an assessor be able to implement and audit my DCC certification? plus-icon
What happens if I fail the assessment? plus-icon
Does DCC apply to my subcontractors? plus-icon
How does DCC differ from ISO 27001? plus-icon
What is the cost of certification? plus-icon
What is the "Scope" of the certification? plus-icon
How long does the assessment take? plus-icon

Latest Insights

All Articles
What the Five Eyes Agentic AI Guidance Actually Means for Your Organisation
Cyber Security

What the Five Eyes Agentic AI Guidance Actual...

The cybersecurity agencies of the United States, United Kingdom, Australia, Canada, and New Zealand published their firs...

Read More
40% of AI Projects Predicted to Fail
AI Security

40% of AI Projects Predicted to Fail

Over 40% of agentic AI projects will be cancelled by the end of 2027. If that number feels high, the reasons why are eve...

Read More
DPRK's AI-Driven npm Malware Surge: Fake Firms, RATs, and Supply Chain Threats Uncovered
AI Security

DPRK's AI-Driven npm Malware Surge: Fake Firm...

The software supply chain remains the backbone of modern application development—and an increasingly lucrative target fo...

Read More
Weekly Round Up Issue 17
Cyber Security

Weekly Round Up Issue 17

It has been a significant week for anyone supplying digital products or services to the NHS. The headlines are political...

Read More
Securing Agentic AI: Navigating Emerging Enterprise Security Risks of Autonomous AI Agents
AI Security

Securing Agentic AI: Navigating Emerging Ente...

The Rise of Agentic AI in the Enterprise Enterprises are rapidly adopting agentic AI—autonomous systems capable of execu...

Read More
AI Security Alert: Understanding and Mitigating Prompt Injection Attacks in Web Applications
AI Security

AI Security Alert: Understanding and Mitigati...

The Growing Urgency: Why Prompt Injection Attacks Demand Immediate Attention Prompt injection attacks are no longer hypo...

Read More
AI Security Threat Series: AI supply chain attacks
AI Security

AI Security Threat Series: AI supply chain at...

The threat that arrives before you even start building You can secure your model, harden your deployment, and train your...

Read More
Mitigating Indirect Prompt Injection in Google Workspace: A Continuous, Multi-Layered AI Security Approach
AI Security

Mitigating Indirect Prompt Injection in Googl...

The integration of generative AI (GenAI) within enterprise productivity suites is transforming workplace automation and ...

Read More