Skip content
Are you looking for?

Strengthen your defence supply chain

The Defence Cyber Certification (DCC) is an assurance framework for businesses operating in the defence supply chain. The DCC framework has been developed by the Ministry of Defence and IASME to provide independent validation to ensure an organisation meets the requirements aligned to DEFSTAN 05138. 

With increasing geopolitical tensions and an ever-increasing attack surface with a growing number of organisations within the supply chain, inconsistent cyber maturity has become a serious risk to the defence supply chain. the legacy reliance on self-assessments under Cyber Essentials Basic only gave a limited view. inconsistent cyber maturity has become a serious risk to the defence supply chain. The DCC has been developed to replace the previous self-assessment tools.

Understanding your DCC journey

From DCC readiness and pre-assessment support through to certification from level 0 through to level 3, learn how the LRQA DCC process can support your journey.

Download datasheet
Military man holding laptop screen close up shot

Our approach to Certification

Gap analysis icon

Gap Analysis & Readiness review

We break down DEFSTAN 05 138 and pinpoint exactly where your current posture meets (or misses) the mark. Expect clear, jargon free guidance you can act on.


Tailored remediation planning 

Based on your risk profile and target DCC level, we build a practical, achievable uplift roadmap shaped around how your business operates. 

Hands on expertise

Our defence grade consultants bring a unique blend of technical knowledge and real-world experience in high assurance environments. 

End-to-end guidance through Certification

From documentation and evidence collation to communicating with Certification Bodies, we remove friction, reduce delays, and help you proceed with confidence. 

Why work with us?

Specialist expertise

Our DCC assessors are fully qualified cyber security consultants; holding multiple vendor certifications and accreditations as well as highly respected industry accreditations from CREST, the PCI SSC, ISC2, BCI, Chartered Institute of IT, and NCSC CHECK. Our consultants can offer sophisticated remediation advice if any issues arise.

Cybersecurity analyst reviewing pen test results on dual screens

Industry leadership

We lead and shape industry on advisory boards and councils including the PCI SSC Global Executive Assessor Roundtable and CREST councils in the Americas, Asia, EMEA and the UK. We are certified by a range of governing bodies including the payment card industry and are approved as a Qualified Security Assessor.

Team discussing global PCI DSS compliance strategy with interactive map

Everywhere you are

Operating in over 55 countries, with more than 250 dedicated cyber security specialists and over 300 highly qualified information security auditors across the world, we can provide a local service with a globally consistent dedication to excellence.

Image of two cyber security experts chatting in an office

Award winners

We have been recognised for the breadth and depth of our services – including the TEISS Award for Best Penetration Testing Service in 2025, Enterprise Threat Detection and Cloud Security awards at the Security Excellence Awards 2024 and the Stratus Award for Best Managed Cloud Security Service.

Read article
Image of LRQA cyber security team winning at the teiss 2024 awards

The world leader in CREST accreditations

We are proud to be the only organisation in the world with a full suite of accreditations from The Council of Registered Ethical Security Testers (CREST).

Our team of consultants have achieved the highest accreditations for Penetration Testing, Red Teaming, Incident Response services and Threat Intelligence. In addition, we were also the first organisation to be CREST accredited for our Security Operation Centre services.