DCC Level 0 is an evidence-led assessment - not a technical audit. Your assessor will review specific documents against each of the three Def Stan 05-138 controls. Work through all 12 items below and confirm each is in place before your assessment begins. Tick each item as you confirm it.
Assessed against Def Stan 05-1383 Controls · 12 Checklist ItemsPrint-Friendly
⌛
Important: December 2026 Deadline
The MOD has mandated that all defence supply chain organisations achieve at least DCC Level 0 by 31 December 2026. Cyber Essentials is a mandatory prerequisite - your CE scope must align with your intended DCC scope. A scope misalignment fails the assessment immediately. Confirm everything in this checklist before your assessment begins.
0%
Ready for DCC Level 0 assessment
0 / 12
Items confirmed
Tick each item below as you confirm the document or evidence is in place for your organisation.
Control 0001 SCOPING & BOUNDARY
The assessor will verify that your Cyber Essentials certificate is current and that your DCC scope is clearly defined with supporting documentation. A missing or misaligned CE certificate triggers automatic failure - no further controls are assessed. All three documents below must be ready before your assessment begins.
Control 2314 UK GDPR & DATA PROTECTION
The assessor will review evidence demonstrating that personal data is processed lawfully under UK GDPR. This is an active compliance check - you must be able to evidence the controls are in place and working, not simply that you have written policies.
Control 2500 BUSINESS RESILIENCE & BACKUP
The assessor will verify that your organisation can recover from a cyber incident or data loss event. Resilience must be documented, backup must be actively in place, and restore capability must be tested and evidenced. Configured backups that have never been tested are not accepted as evidence of resilience.
// What Next?
READY FOR YOUR DCC ASSESSMENT?
Our UK-based team will review your scoping and documentation before your formal assessment begins - identifying and resolving any gaps before they become failures. Fixed prices, IASME certification fee included. View pricing →
Don't yet hold Cyber Essentials? CE is a mandatory prerequisite for DCC Level 0 - you cannot proceed without it. We can manage both certifications as a single engagement. Use the CE basic readiness checklist →
This checklist is based on the DCC Level 0 evidence requirements under Def Stan 05-138 (Issue 4). It is provided as a self-assessment guide only - formal certification requires assessment by an IASME Approved Certification Body. For questions about your readiness, contact our team.
// Get In Touch
GET CERTIFIED TODAY
Fill in the form and we'll be in touch shortly. No jargon, no hard sell.