1. Services
  2. Cyber Security Consultancy
  3. Cyber Security Frameworks
  4. Defence Cyber Certification (DCC)

Defence Cyber Certification (DCC)

Partner with Bridewell to secure both your organisation and your position in the Defence Supply Chain.

Speak to our DCC Experts

Bridewell are one of the first five certification bodies in the UK to pilot the DCC scheme and have been chosen to partner with IASME and the MOD to deliver DCC up to level 3.

Implementing Defence Cyber Certification

In a sector facing increasing supply chain risk to national security, along with the pressures for sales teams to quickly and effectively win business, DCC offers a streamlined approach to demonstrate supplier assurance.

  • Replaces Per Contract SAQs – DCC replaces the requirement to conduct a supplier assurance questionnaire for each defence contract your organisation is bidding for.
  • Retain Your Status For 3 Years – Once you have certified to a DCC level, you retain the status for 3 years with a short annual attestation.
  • Aligns With Other International Standards – DCC is fully aligned with international standards and DefStan 05-138, meaning you may have many controls already in place reducing additional overhead.
  • DCC is Available in 4 Levels – Each level is commensurate with the cyber risk profile of the contract an organisation may bid for.

young man studying at a computer and taking notes

What to Expect

Bridewell can support organisations wanting to attain DCC and are able to deliver services across the entire lifecycle, from gap analysis and implementation, to assessing and issuing certification.

Highly Certified

Our team consists of highly experienced and qualified cyber security assessors with a deep understanding of frameworks including DCC, DefStan 05-138, CAF, NIST, Cyber Essentials and ISO 27001. Having worked in the defence sector, including directly for the MOD, our team understand the unique challenges faced by suppliers.

Guidance and Support Before and During Certification

We can conduct detailed gap analysis and remediation recommendations on your alignment to the target DCC level, or guide you directly through the assessment process through to certification.

Support with Scoping for Your DCC Certification

Our knowledgeable team can ensure you accurately and justifiably set your DCC scope, to ensure it meets the requirements of the standard.

What are the 4 Levels of DCC?

There are 4 levels of DCC Certification which align to the Cyber Risk Profile set for each MOD or Prime Supplier Contract:

  • 3 controls and Cyber Essentials certification
  • Very low or low Cyber Risk Profile
  • Basic cyber security practices
  • Approximately 1 day in duration
  • 100% passing score to achieve certification
  • 101 controls and Cyber Essentials certification
  • Low to moderate Cyber Risk Profile
  • Developing cyber security practices, building on core control to strengthen organisational resilience.
  • 80% passing score to achieve certification
  • 139 Controls and Cyber Essentials Plus Certification
  • Moderate to high Cyber Risk Profile
  • Mature cyber security capabilities, ensuring full coverage and proactive risk management.
  • 80% passing score to achieve certification
  • 144 controls and Cyber Essentials Plus certification
  • High to very high cyber risk profile
  • Expert cyber security capabilities. Demonstrates Defence in Depth to protect against new / emerging threats.
  • 100% passing score to achieve certification
Speak to our DCC Experts

Start Your Defence Cyber Certification Journey

Speak with one of our consultants to see how we can support your organisation with this framework.

Speak to our Cyber Security Experts
hospitality

How it Works?

woman at screen
Speak to our DCC Experts

Bridewell supports organisations through every step of the Defence Cyber Certification (DCC) journey - whether you're looking for gap analysis and implementation support, or full assessment and certification. We’ll help you define and understand your DCC scope, including how to evidence it and how it aligns with your Cyber Essentials certification.

  • Kick-Off & Scoping – We start with a workshop session to understand your organisation’s context, timelines, and goals. We’ll confirm the scope and walk through IASME documentation and evidence requirements.
  • Getting Set Up – We’ll guide you through registration on the IASME portal and help you get familiar with the Applicant Submission Record (ASR).
  • Evidence Gathering – You’ll compile and upload the necessary documentation, with our support to ensure everything aligns with the requirements.
  • Theoretical Review – Our assessors review your ASR responses and supporting evidence, identifying any areas that need clarification.
  • Practical Assessment – We’ll run virtual or on-site sessions with your team to validate evidence, fill gaps, and clarify submissions.
  • Analysis & Recommendations – We analyse findings and provide clear, actionable recommendations to help you meet your target DCC level. 
  • Debrief & Certification – You’ll receive a final report and certification, followed by a debrief to walk through outcomes and next steps.

     

Further Support and Resources

For additional guidance, you can refer to: IASME DCC Help & Guidance

Watch On Demand | DCC Explained: A Practical Guide for Defence Suppliers

You can also explore our recent DCC Explained: A Practical Guide for Defence Suppliers or watch our on demand Webinar on DCC scoping and common misconceptions, where we break down key challenges and share practical advice.

Watch On Demand

Why Us?

card icon

Awards

Our team have won numerous industry awards, including 'Cyber Business of the Year' at the National Cyber Awards 2024 and 'Best Cyber Security Company of the Year' at the Cyber Security Awards 2023.

card icon

Certifications

Our people and services are highly accredited by leading industry bodies including CREST, the NCSC, and more. Our SOC holds extensive accreditations from CREST (including for CSIR and SOC2) and works closely with our cyber consultancy services.

card icon

Partnerships

As a Microsoft Partner, we also hold advanced specialisms in Cloud Security and Threat Protection. We’ve also implemented some of the UK’s largest deployments of the Microsoft Security stack, inc. Sentinel, Defender, Purview and more.

Accreditations and Certifications

We hold the most NCSC assured services of any cyber security services provider. Our cyber security consultants and services are globally recognised for meeting the highest standards of accreditation and have leading industry certifications. 

Accreditations - NCSC