DCC Made Easy With URM

In 2025, the UK Ministry of Defence (MoD), in partnership with IASME, released the Defence Cyber Certification (DCC), a cyber security certification framework for UK defence suppliers.  The DCC is part of a broader initiative by the UK Government to strengthen the cyber resilience of the defence sector’s supply chain, and is aimed at providing independently assessed, verifiable assurance of a defence supplier’s cyber security compliance in support of UK Defence Procurements.  By successfully achieving and maintaining DCC compliance, your organisation will clearly demonstrate the effectiveness of its security programme, gain access to MoD tenders that require certification, and strengthen its competitiveness in securing and retaining defence contracts.

The scheme defines four different compliance levels, with the level your organisation falls into dictating the number of controls you will need to implement.  The compliance levels correspond to the level of risk associated with your organisation.  Your organisation’s level will also dictate whether you need to be certified to Cyber Essentials or Cyber Essentials Plus in order to obtain DCC; Level Zero and Level One (lower risk suppliers) will need only Cyber Essentials certification, whilst Levels Two and Three (higher risk suppliers) are required to achieve Cyber Essentials Plus.

Having implemented the appropriate controls and prepared for certification, your organisation will be assessed for compliance by an approved certification body.  The assessor will identify any compliance gaps, however will be unable to assist in your implementation of solutions to close these.  Following your assessment, you will either receive certification or a confidential report of failure.

Cyber Essentials and Cyber Essentials Plus Support

As an accredited certification body for Cyber Essentials and a National Cyber Security Centre (NCSC) Assured Cyber Advisor, URM can both provide practical support to help you prepare for Cyber Essentials and/or Cyber Essentials Plus assessment and facilitate the assessment itself, allowing your organisation to meet the necessary prerequisites for certification under the DCC scheme.

DCC-Specific Support

In addition to assisting your organisation achieve the appropriate Cyber Essentials certification, URM can provide DCC-specific consultancy to help you meet the scheme’s requirements.   Our experts can conduct a gap analysis of your current cyber security programme to identify where you are already aligned with the DCC, and where improvements are required.  Following the gap analysis, we can provide practical implementation support to help you close any gaps identified and achieve DCC compliance.

‍

Why URM?

Track record

URM has a 20-year track record of providing high-quality training and consultancy services, assisting organisations to improve their information security, cyber security and risk management programmes.  Whilst the DCC is a relatively new framework, URM’s can leverage its extensive experience supporting organisations’ implementation of other security frameworks that have considerable overlap with the scheme (such as the NIST Cybersecurity Framework (CSF), and ISO 27001) to support your DCC compliance.

Tailored solutions

We at URM appreciate that no two organisations are the same and, as such, neither will their cyber security and DCC compliance programmes.  The unique requirements of your organisation, size and structure, risk appetite, products and services provided, legal and obligatory requirements, etc., will always guide our approach to supporting your compliance with the DCC.  Meanwhile, we will ensure the advice we offer reflects your existing working practices, enabling you to integrate the required DCC controls into your organisation’s business-as-usual (BAU) operations as seamlessly as possible.

Knowledge transfer

With our ‘real world’ knowledge transfer philosophy, you will benefit from our large team of consultants’ extensive practical experience and knowledge of cyber security best practice, and be able to independently improve your security by virtue of what you have learned from them, without needing to rely on ongoing consultancy support.