Linkedin-in Twitter
Cyber Incident Response
Ace Cert Partner

Australian Cyber Essentials (ACE) Certified by Bureau Veritas

Australia’s first independently certified, evidence-based cyber security assurance framework for supply chains.

Purpose-Built for Supply Chain Assurance

ACE doesn’t replace existing frameworks, it’s purpose-built to solve the specific challenge of supply chain cyber security assurance.

Existing frameworks are valuable, but each leaves critical gaps when applied to supply chain risk:

  • Comprehensive frameworks are excellent for internal security management, but often too resource-intensive and costly for SMEs to achieve and maintain.
  • Technical guidance provides highly effective mitigation strategies, but lacks the governance, risk management, and business context needed for holistic supplier assurance.
  • SME-focused standards provide a practical on-ramp, but can miss nuances of the modern threat landscape and may include outdated practices superseded by current best practice.
  • Platform-specific tools are powerful within their ecosystem, but provide no visibility into broader infrastructure, third-party applications, or policy and procedure.

The result? 

Enterprises struggle to consistently assess suppliers. Suppliers face conflicting requirements. Neither achieves defensible, scalable assurance.

Icon-Secure

The Solution?

Australian Cyber Essentials - moving the industry from 'trust' to 'verify'

What Makes ACE Different?

  • Curated, not comprehensive: Focuses on essential controls that matter for supply chain risk, not every possible control
  • Evidence-based, not self-attested: Independent Bureau Veritas certification provides defensible assurance
  • Practical for SMEs: Achievable with structured support, not requiring dedicated compliance teams or expensive consultants
  • Reusable across customers: One certification, multiple customer relationships
  • Modern threat-aware: Reflects current best practice for today’s evolving risk landscape
  • Holistic: Combines technical controls with governance and business context

What Is Included?

Icon Ready Teal |
ACE Ready

Essential controls are in place and evidenced

Icon Robust Teal |
ACE Robust

Strengthened controls and governance are implemented and evidenced

Icon Resilient Teal |
ACE Resilient

Mature controls and response, recovery readiness are evidenced

How It Works

ACE has 3 different certification levels that you can aim to achieve:

  • ACE Ready (Level 1): Essential controls are in place and evidenced
  • ACE Robust (Level 2): Strengthened controls and governance are implemented and evidenced
  • ACE Resilient (Level 3): Mature controls and response, recovery readiness are evidenced

Once you determine the level you wish to be assessed against, you can commence your journey.

For Suppliers

Your path to certification

Step 1
Guided Assessment

Complete a plain English assessment aligned to ACE requirements. No confusing jargon, just clear questions about your controls.

Step 2
Evidence Submission

Upload evidence via a secure online portal to demonstrate controls and mechanisms are in place. We’ll guide you on exactly what’s needed.

Step 3
Structured Support

Receive 12 guided workshops (12 × 1 hour) delivered by Cyber Audit Team. These can be scheduled over 12 months or accelerated based on your readiness and availability.

Step 4
Independent Certification

Bureau Veritas independently reviews your evidence. When requirements are met, you receive your certification, a credential you can use across all customer relationships.

For Enterprises

Your path to supply chain assurance

Step 1
Program Adoption

Integrate ACE into your supplier onboarding and periodic review processes. Identify which suppliers should pursue which certification levels based on risk.

Step 2
Supplier Enablement

Your suppliers are guided through assessment and evidence submission by Cyber Audit Team, reducing the burden on your procurement and risk teams.

Step 3
Independent Verification

Bureau Veritas independently reviews supplier evidence,you receive assurance without having to audit every supplier yourself.

Step 4
Ongoing Oversight

Access a consistent view of supplier certifications, renewal dates, and certification levels through your vendor management process.

Get Started today

How It Works

ACE has 3 different certification levels that you can aim to achieve:

  • ACE Ready (Level 1): Essential controls are in place and evidenced
  • ACE Robust (Level 2): Strengthened controls and governance are implemented and evidenced
  • ACE Resilient (Level 3): Mature controls and response, recovery readiness are evidenced

Once you determine the level you wish to be assessed against, you can commence your journey.

For Suppliers

Your path to certification

Step 1
Guided Assessment

Complete a plain English assessment aligned to ACE requirements. No confusing jargon, just clear questions about your controls.

Step 2
Evidence Submission

Upload evidence via a secure online portal to demonstrate controls and mechanisms are in place. We’ll guide you on exactly what’s needed.

Step 3
Structured Support

Receive 12 guided workshops (12 × 1 hour) delivered by Cyber Audit Team. These can be scheduled over 12 months or accelerated based on your readiness and availability.

Step 4
Independent Certification

Bureau Veritas independently reviews your evidence. When requirements are met, you receive your certification, a credential you can use across all customer relationships.

For Enterprises

Your path to supply chain assurance

Step 1
Program Adoption

Integrate ACE into your supplier onboarding and periodic review processes. Identify which suppliers should pursue which certification levels based on risk.

Step 2
Supplier Enablement

Your suppliers are guided through assessment and evidence submission by Cyber Audit Team, reducing the burden on your procurement and risk teams.

Step 3
Independent Verification

Bureau Veritas independently reviews supplier evidence,you receive assurance without having to audit every supplier yourself.

Step 4
Ongoing Oversight

Access a consistent view of supplier certifications, renewal dates, and certification levels through your vendor management process.

Get Started today

What Is Included?

Icon Workshops |
12 Guided Workshops
  • Plain English explanations of each requirement
  • Practical examples relevant to your business
  • Step-by-step guidance on evidence preparation
  • Q&A tailored to your specific circumstances
  • Flexible scheduling over 12 months or accelerated delivery
Icon Access |
Ongoing Access
  • Secure online portal for assessment and evidence submission
  • Clear checklists and progress tracking
  • Email support between workshops
  • Resource library with templates and examples
Icon Experts |
Expert Practitioners
  • Delivered by Cyber Audit Team’s experienced cyber security specialists
  • Practical, real-world experience with Australian SMEs
  • Understanding of your business constraints and realities
  • Focus on achievable, pragmatic implementation

You're Not Alone.

You Will Receive Comprehensive Support Throughout Your Journey

Icon-Handshake

Implementation Supprt

If you identify controls you cannot implement internally, Cyber Audit Team can provide hands-on implementation support separate to the certification program:

  • Technical implementations: MFA, EDR, patch management, backup solutions, network segmentation
  • Policy and procedure development: Incident response plans, acceptable use policies, business continuity plans, disaster recovery procedures
  • Microsoft 365 security hardening: Security Score uplift, conditional access policies, DLP, secure configuration
  • Essential Eight uplift: Maturity level progression, technical implementation, evidence preparation
  • Governance frameworks: Risk registers, asset inventories, vendor management processes, security awareness training programmes
find out more
Talk to an ACE Specialist Today