Australian Cyber Essentials (ACE) Certified by Bureau Veritas
Australia’s first independently certified, evidence-based cyber security assurance framework for supply chains.
What is Australian Cyber Essentials (ACE)?
ACE is a three-level, evidence-based cyber security assurance framework for Australian supply chains, developed by Cyber Audit Team and independently certified by Bureau Veritas.
Suppliers complete a structured assessment, build an evidence pack with the support of 12 guided workshops, and submit it for independent review. Certification is issued by Bureau Veritas when requirements are met.
ACE was developed specifically for the Australian market, drawing on the controls and expectations that Australian regulators, enterprises, and procurement teams already recognise, including the ACSC Essential Eight, ISO/IEC 27001, SMB1001, and ASIC cyber resilience guidance. Rather than asking suppliers to achieve full certification against any single standard, ACE curates the essential controls that matter most for supply chain risk into one practical, independently verified pathway.
One certification. Reusable across multiple customers.
What is Australian Cyber Essentials (ACE)?
ACE is a three-level, evidence-based cyber security assurance framework for Australian supply chains, developed by Cyber Audit Team and independently certified by Bureau Veritas.
Suppliers complete a structured assessment, build an evidence pack with the support of 12 guided workshops, and submit it for independent review. Certification is issued by Bureau Veritas when requirements are met.
ACE was developed specifically for the Australian market, drawing on the controls and expectations that Australian regulators, enterprises, and procurement teams already recognise, including the ACSC Essential Eight, ISO/IEC 27001, SMB1001, and ASIC cyber resilience guidance. Rather than asking suppliers to achieve full certification against any single standard, ACE curates the essential controls that matter most for supply chain risk into one practical, independently verified pathway.
One certification. Reusable across multiple customers.
ACE Ready
Essential controls evidenced
ACE Robust
Strengthened controls and governance evidenced
ACE Resilient
Mature controls and recovery readiness evidenced
Not self-attested. Evidence based assessment certified by Bureau Veritas
The Problem
- Supplier questionnaires are inconsistent and unverifiable
- Self-attestation provides no defensible assurance
- Suppliers waste time answering the same questions for every customer
- Neither side has a scalable, credible solution — until now
Purpose Built for Supply Chain Assurance
ACE doesn’t replace existing frameworks — it’s purpose-built to solve the specific challenge of supply chain cyber security assurance.
Existing frameworks are valuable, but each leaves critical gaps:
- Comprehensive frameworks are excellent for internal security management, but often too resource-intensive and costly for small and medium-sized enterprises (SMEs) to achieve and maintain
- Technical guidance provides highly effective mitigation strategies, but lacks the governance, risk management, and business context needed for holistic supplier assurance
- SME-focused standards provide a practical on-ramp, but can miss nuances of the modern threat landscape
- Platform-specific tools are powerful within their ecosystem, but provide no visibility into broader infrastructure, third-party applications, or policy and procedure
Enterprises struggle to consistently assess suppliers. Suppliers face conflicting requirements. Neither achieves defensible, scalable assurance.
ACE closes that gap.
Ready to move from trust to verify?
For enterprises:
A consistent, defensible way to assess your suppliers.
For suppliers:
Prove your cyber security posture once, use it everywhere.