.tmb-banner.jpg?sfvrsn=21912c52_1 "Bridewell Among First to Achieve Level 2 Defence Cyber Certification banner image")
Bridewell has recently been named as one of the first organisations to achieve Level 2 Defence Cyber Certification (DCC), marking a significant milestone in our efforts to strengthen cyber security across the UK defence supply chain.
We are currently one of only two organisations accredited at this level, underscoring our role in supporting critical national infrastructure (CNI) and defence-sector organisations with robust security practices.
The DCC scheme, developed by the UK Ministry of Defence and delivered by IASME, aims to standardise cyber security requirements across the defence supply chain. By aligning with internationally recognised standards and existing best practices, the framework is designed to reduce administrative burden over time while ensuring suppliers can demonstrate consistent and verifiable security controls.
Level 2 certification represents a substantial achievement. Organisations must meet 139 controls and demonstrate a mature, proactive approach to cyber risk management. The level is intended for contracts with moderate to high cyber risk profiles, requiring strong protective measures alongside ongoing resilience against evolving threats.
Our accreditation comes at a time when cyber attacks targeting defence organisations and their suppliers are increasing in both frequency and sophistication. The introduction of DCC is widely seen as a key step in improving supply chain assurance, helping to safeguard sensitive information, maintain operational continuity, and support national security.
Hannah Clarke-Dabson, Principal Consultant at Bridewell, described the certification as a “significant milestone” for Bridewell and highlighted the broader industry impact of the scheme.
“The introduction of DCC provides a clear and structured approach to supply chain assurance,” she said. “We are proud to be among the first organisations to meet these requirements and to help drive higher standards across the ecosystem.”
The DCC framework consists of four levels, aligned to the cyber risk profile of defence contracts. Certification is valid for three years, with an annual attestation process, offering both assurance and stability for suppliers and their customers while reducing the need for repeated compliance exercises.
Bridewell has also been involved in the rollout of the scheme as an early certification body working alongside IASME and the Ministry of Defence. This experience positions us to support organisations throughout the certification process, from initial gap analysis to ongoing compliance.
Clarke-Dabson added that DCC should be viewed as more than a compliance requirement.
“It is an opportunity for organisations to strengthen their resilience in a way that reflects the real-world threat landscape,” she said. “Our focus is on helping clients translate the framework into practical, effective security measures.”
With DCC expected to become an increasingly important requirement for suppliers working with the Ministry of Defence and prime contractors, early adoption could provide a competitive advantage. Reaching Level 2 signals both our readiness to operate at this level and our capability to support others navigating the certification process.
