X

Client Support

Remote Support

Windows Windows Apple Apple Google Play Store Google Play Store Apple App Store Apple App Store
Already a client, or need further help? Contact Epic IT support.
08 9228 2945

What Order Should Businesses Implement the Essential Eight, Further Five, and SMB1001?

FAQ’s, tips and insights > Cyber Security

Which Comes First: Essential Eight, Further Five or SMB1001?

When building cyber resilience, many Australian businesses ask:

Should we start with the Essential Eight, the Further Five or SMB1001?

The short answer:

Start with the Essential Eight, then work towards SMB1001, and finish with the Further Five.

Here’s why:

1. Start with SMB1001

SMB1001 is designed specifically for Australian SMBs and provides a practical, risk-based starting point.

– Covers foundational IT security, backups, continuity, and governance

– Maps to the Essential Eight but adds real-world, operationally relevant controls

– Highly actionable for businesses without large IT teams

Explore our SMB1001 Cybersecurity Framework

2. Layer in the Essential Eight

Once the groundwork is laid with SMB1001, the Essential Eight becomes your next step.

  • Developed by the Australian Cyber Security Centre (ACSC)
  • Focused on technical risk mitigation: patching, MFA, macros, etc.
  • A must-have for government tenders, insurance, and security standards

Learn more about the Essential Eight

3. Strengthen with the Further Five

With both SMB1001 and the Essential Eight in place, you’re ready to implement the Further Five.

  • Adds controls for cloud security, vendor risk, and data loss prevention
  • Elevates your compliance posture
  • Ideal for organisations handling sensitive data or scaling fast

Learn more about the Further Five.

Need Some Help?

Our support staff are happy to assist you.

  • Phone08 9228 2945
  • Email
  • Online FormOnline Form

Have a chat to our team on .. 08 9228 2945

Like to learn more about our services?

Please let us know what you are chasing and we will respond same day.