Morgan Sindall Group has been announced as the first organisation to achieve certification under the new Defence Cyber Certification (DCC) scheme.
This milestone marks the beginning of a phased rollout of the DCC scheme, an initiative developed by cyber security certification company IASME in partnership with the Ministry of Defence (MOD).
By introducing a comprehensive cyber security framework for defence suppliers, the scheme aims to strengthen the cyber resilience of the UK's Defence supply chain, and enhance the security, resilience, and future prosperity of the UK.
The growing threat to defence supply chains
Cyber threats to the defence sector are growing in both frequency and sophistication. According to the 2024 Data Threat Report from defence contractor Thales, the vast majority (93%) of organisations in the CNI sector have observed an increase in cyber attacks. The Defence Cyber Certification (DCC) scheme is a proactive response to these threats, ensuring that all organisations in the Defence supply chain, regardless of size, are equipped to defend against cyber risks.
The DCC certification emphasises the overall security and resilience of the organisation and is structured into four levels, L0-L3, each level corresponding to a specific degree of cyber risk associated with a supplier’s role in the MOD supply chain.
Eleanor Fairford, Director Cyber Defence and Risk, MOD, said: “Defence Cyber Certification (DCC) strengthens cyber resilience in the UK's defence supply chain. Organisations obtaining and maintaining DCC prove their ongoing commitment to UK Defence.”
Proactive certification for future opportunities
While the MOD assigns the required level for suppliers working on specific contracts, organisations are not limited to applying for certification only at the level specified in their current contracts.
Applicants can apply for certification at any level, even if they are not currently engaged in an MOD contract. This flexibility allows organisations to demonstrate their commitment to cyber resilience, prepare for future opportunities, and avoid the need for repeated assessments on a contract-by-contract basis.
The certification process involves a point-in-time assessment against the uplifted UK Defence standard. Compliance with this UK Defence standard for cyber resilience in organisations will soon become a requirement in all Defence procurement and contract activities.
Certification obtained via the DCC scheme provides a clear, future-focused demonstration of an organisation’s approach to cyber resilience. It allows suppliers to submit their certification in satisfaction of MOD requirements and provides a ‘badge’ that signals to other buyers that the organisation is taking cyber resilience seriously.
A framework aligned with international best practice
The DCC scheme aligns with international best practices in cyber security, ensuring that organisations certified under the scheme meet globally recognised standards. All levels start with Cyber Essentials certification, with Levels 2 and 3 requiring Cyber Essentials Plus.
Phased rollout of certification levels
The scheme’s first certification level, Level 0, is now live for applicants, marking the official start of this critical programme. The DCC scheme’s higher certification levels will become available in the coming months.
Why certify to the DCC scheme?
The DCC scheme provides defence suppliers with a valuable opportunity to enhance their cyber security posture while gaining a competitive edge in the industry.
Certification demonstrates a commitment to cyber resilience, bolstering an organisation’s reputation and positioning it as a trusted partner for MOD contracts.
Proactively achieving certification allows organisations to meet MOD requirements in advance, simplifying compliance and future-proofing their operations.