Clear requirements.
Understand exactly what Level 0 requires. Plain-English breakdowns of every control mapped to DefStan 05-138, so you never have to guess what "good" looks like.
No interpretation roulette. Every control, explained.
The entry point into DCC for UK defence SMEs. Scope your organisation, collect the right evidence, and get to assessment in days, not weeks.
Scoping, evidence, and assessor review, with a guided path from day one.
Understand exactly what Level 0 requires. Plain-English breakdowns of every control mapped to DefStan 05-138, so you never have to guess what "good" looks like.
No interpretation roulette. Every control, explained.
Walk through sites, systems, data, and people at your own pace. Our guided workflow builds your scope register and attestation as you go, nothing left behind.
Scope defined in hours, not weeks of workshops.
Upload a policy, register, or screenshot and our AI validates it against the control before your Assessor ever sees it. Every artefact is tagged, versioned and annotated, so your assessment pack is ready the moment the last upload lands.
Fewer iterations. Fewer clarifications. Faster sign-off.
DCC Level 0 is the entry-level certification under DefStan 05-138, for suppliers with a very low assessed cyber risk. It is built around three controls.
The pre-objective for Level 0. If you already hold Cyber Essentials or Cyber Essentials Plus, you are most of the way there.
Demonstrate that the personal data you hold is protected by appropriate UK GDPR processes and controls.
Show that your networks and systems are designed and maintained to keep running when something goes wrong.
For official guidance, see the DefStan 05-138 publication on GOV.UK, or read our plain-English guide.
DCC is a progressive framework. You certify at the level the work requires, and move up when it does.
Cyber Essentials as the pre-objective, plus UK GDPR compliance and resilient networks and systems. Three controls, for suppliers with a very low assessed cyber risk.
A comprehensive cyber security programme with good practices, for suppliers with a low to moderate assessed cyber risk.
Advanced cyber security oversight and planning, driving robust organisational and cyber practices, for suppliers with a high assessed cyber risk.
Expert cyber security capabilities that fully take advantage of "defence in depth", for suppliers with a substantial assessed cyber risk.
The questions suppliers ask before they start.
Snubnose takes suppliers through DCC Level 0 in three stages inside one workspace. A scoping wizard captures your sites, systems, data and people in minutes. An evidence pipeline collects and pre-validates documents against the three DefStan 05-138 controls Level 0 is built on. A Certification Body in the Snubnose Assessor Alliance then reviews the evidence in-app and issues the certificate. The traditional path of a multi-month internal compliance programme collapses to a part-time engagement of days.
Yes, and that is the most common starting position for Snubnose Level 0 customers. Cyber Essentials is the pre-objective for DCC Level 0 (control 0001), so holding CE covers the largest piece of the certification. Snubnose recognises your existing CE certificate, reuses the relevant evidence directly, and focuses your remaining work on the two additional DefStan 05-138 controls Level 0 requires: UK GDPR compliance (control 2314) and resilient networks and systems (control 2500).
Your assessment is delivered by a Certification Body in the Snubnose Assessor Alliance: an IASME-licensed CB that runs its DCC assessments inside the Snubnose workspace. When you reach assessment stage, Snubnose introduces you to a CB drawn from the preferred-CB list, matched on sector experience, geographic reach and current availability. The CB applies professional judgement and issues the certificate. Snubnose does not issue DCC certificates.
Most suppliers complete DCC Level 0 in five to ten working days once they begin gathering evidence in Snubnose. The path is fastest for suppliers already holding Cyber Essentials, because that covers the pre-objective directly. Scoping inside Snubnose takes minutes rather than weeks, and AI-assisted evidence validation catches gaps before the Certification Body sees the pack, which removes most of the rework before assessment.
Yes. Once your DCC Level 0 certificate is issued, your workspace stays live for the duration of the certificate cycle. Snubnose tracks evidence freshness, surfaces drift against the controls, and prompts the supplier and the Certification Body when recertification is due. The same evidence base is reused for the next cycle rather than rebuilt from scratch.
Create your workspace and begin your DCC Level 0 journey. Set up in under two minutes, no credit card required.