DefStan 05-138 · DCC

Defence Cyber Certification,
streamlined end-to-end.

Co-designed with the assessors who will certify you, Snubnose fast-tracks defence companies through Defence Cyber Certification (DCC), without a project team you can't afford to build.

The SME reality

You've already done ISO 27001.
And Cyber Essentials.
Now DCC, too?

For primes, compliance is a line item. For the SMEs in their supply chain, it's your best engineer tied up for six months re-proving things you've already been audited on.

We've been listening. These are the five things SMEs tell us break DCC.

Why DCC breaks SMEs

Five walls between you
and certification.

Each one costs weeks. Snubnose takes them down in order.

01

Another standard on the pile.

You already hold Cyber Essentials. Maybe ISO 27001. DCC lands on top with overlapping-but-not-identical controls, and SMEs are told to re-prove it all from scratch.

Snubnose reuses your existing evidence. One upload, mapped across frameworks.

02

Finding an Assessor you can trust.

There's a short list of approved Certification Bodies, they're booked out, and no website tells you which one understands your sector or what they'll actually ask for.

We're co-designed with CBs doing DCC assessments. We'll help match you to the right one.

03

Hundreds of controls. Where do you start?

DefStan 05-138 runs to hundreds of controls and is written assuming a CISO, a SOC, and a dedicated policy function. Most SMEs have none of those. Just working out which controls apply, and what they mean in your context, is weeks of work before you've gathered a single piece of evidence.

Snubnose scopes controls to your actual team, tech, locations.

04

The project team you can't afford.

Running DCC internally means pulling your ops lead, IT lead, and a PM off delivery for months. SMEs are assembling whole internal programmes to get certified, at the direct cost of revenue work.

One person, part-time. We replace the compliance project team you'd have to staff.

05

Audit-day interpretation roulette.

Two assessors read the same control two different ways. You spend months preparing evidence, then find out on audit day that your CB wanted it framed completely differently.

Because we built Snubnose with the assessors, you walk in knowing how every piece of evidence will be read.

How Snubnose works

Co-designed with your Assessor.
Before you ever meet them.

Most compliance tools give you a checklist. We give you the checklist your Assessor is actually holding.

Step 01 Start here

Scope your organisation.

A guided wizard walks you through your sites, systems, data stores, and people. Snubnose generates your scope register, diagrams, and formal attestation automatically. No manual PowerPoints.

Step 02

Map controls to your business.

Snubnose filters DefStan 05-138 down to your target level and your actual scope. Every control becomes plain-English questions about your operation, not abstract security language.

Step 03

Collect evidence, with real-time feedback.

Upload a policy, register, or screenshot and our AI validates it against the control before your Assessor ever sees it. Data extracted from one document is reused across every control it applies to.

Step 04

Your Assessor, in from day one.

No email chains. No audit-day surprises. Your Certification Body reviews your scope and evidence inside Snubnose from the start so you find out what's missing way ahead of audit day.

FAQ

Common questions about Snubnose.

What is Snubnose?

Snubnose is a compliance management platform for UK defence suppliers pursuing Defence Cyber Certification (DCC) under DefStan 05-138. It guides suppliers through scoping, evidence collection, and assessment, with AI-assisted evidence validation and a workspace co-designed with the Certification Bodies who run DCC assessments. Suppliers move from a standing start to certified faster, without standing up an internal compliance programme.

Which DCC levels does Snubnose support?

Snubnose supports all four DCC levels (0 to 3). Whether you have been asked for Level 0 or Level 3, you can run the certification through Snubnose.

Do I need Cyber Essentials before using Snubnose?

No. Cyber Essentials is not a prerequisite for using Snubnose itself. CE is, however, a prerequisite of the DCC scheme: CE is mandatory for DCC Levels 0 and 1, and CE Plus is mandatory for DCC Levels 2 and 3. Snubnose does not currently handle CE or CE Plus certification inside the platform, but Certification Bodies in the Snubnose Assessor Alliance can help suppliers obtain CE or CE Plus alongside their DCC path.

How long does DCC certification typically take with Snubnose?

Certification timelines depend on several factors: whether you already hold Cyber Essentials or Cyber Essentials Plus, the size of your organisation, and the maturity of your IT stack. A small supplier with CE in place will move much faster than a larger organisation starting from scratch. As a working rule, Snubnose reduces certification time by around 75% compared with the traditional internal-programme path.

Who in my organisation actually uses Snubnose?

Snubnose is used by whoever owns compliance at the supplier, which in an SME is typically the operations lead, IT manager, or founder. The platform is designed to be driven part-time by one person rather than requiring a dedicated compliance programme. Scoping, evidence collection and Certification Body liaison all happen inside the workspace. Larger suppliers can grant additional users access for the controls they own evidence for, but most SMEs complete certification with a single primary user.

Start with Level 0

Stop paying in months.
Start paying in hours.

DCC Level 0 in days, not weeks. Your team on revenue work the whole time.

Set up in under 2 minutes. No credit card required. Your data stays private.