-optimized.jpg){kind=avatar}
The UK Ministry of Defence’s Level 2 Defence Cyber Certification (DCC) has been gained by the UK cyber security services companies Bridewell, and C3IA.
The scheme, delivered by certification body IASME, was set up to cover the defence supply chain by providing a framework that aligns with internationally recognised standards and best practice. The aim; to reduce administrative overhead, while suppliers can consistently show robust and verifiable security controls.
Achieving Level 2 certification requires that a business meets some 139 controls and shows a mature and proactive approach to managing cyber risk, say organisers. This level is aligned to contracts with a moderate to high cyber risk profile. Hannah Clarke-Dabson, Principal Consultant at Bridewell said: “Achieving Level 2 DCC is a significant milestone for Bridewell and reflects the strength of our cyber security capabilities as well as our commitment to supporting the UK defence sector. The introduction of DCC is an important development for the industry, providing a clear and structured approach to supply chain assurance. We are proud to be among the first organisations to meet these requirements and to help drive higher standards across the ecosystem.”
The DCC framework is structured across four levels, each aligned to the cyber risk profile of the contracts a business may bid for. Once certification is achieved, it is retained for three years with an annual attestation, providing assurance and stability for suppliers and customers.
Hannah Clarke-Dabson added: “DCC represents more than a compliance exercise. It is an opportunity for organisations to strengthen their resilience in a way that reflects the real-world threat landscape. Our focus is on helping clients translate the requirements of the framework into practical, effective security measures that support both their operational needs and their long-term growth.”
And Bridewell has become a new full member of the Forum of Incident Response and Security Teams (FIRST), after a peer-led vetting process and approval by the FIRST CSIRT Board of Directors.
About FIRST
FIRST has 800 members across 100 countries, spanning government, critical national infrastructure, academia, and the private sector. Membership is selective and restricted to teams that can show active, credible incident response operations.
FIRST membership is granted only by an evaluation process. During the process, Bridewell was required to evidence incident handling processes, experienced responding personnel, secure information-handling practices, and a contribution to the wider incident response community.
The membership provides access to confidential information-sharing channels, peer collaboration, and insight during major or fast-moving cyber incidents.
James John, Incident Response Manager at Bridewell said: “Incident response doesn’t stop at borders, and neither should the networks we operate in. FIRST membership means Bridewell is part of a community of vetted, trusted teams across government and industry and that directly benefits every client we support.”
Visit https://www.first.org/.
