The Cyber Security Authority (CSA) has announced the commencement of the process of licensing Cybersecurity Service Providers (CSPs), accreditation of Cybersecurity Establishments (CEs) and Cybersecurity Professionals (CPs).
This is in pursuant to the Cybersecurity Act, 2020 (Act 1038), sections 4(k), 49, 50, 51, 57 and 59, which mandates the Authority to regulate the above activities.
The intent of the regime is to ensure regulatory compliance with the Cybersecurity Act, 2020 (Act 1038) and to certify that CSPs, CEs and CPs offer their services in accordance with approved standards and procedures in line with domestic requirements and industry best practices.
The licensing and accreditation regime will take effect from March 1, 2023, and will apply to existing and new CSPs, CEs and CPs. For a start, CSA will license Cybersecurity Service Providers in five key areas, namely; Vulnerability Assessment and Penetration Testing (VAPT), Digital Forensics Services, Managed Cybersecurity Services, Cybersecurity Governance, Risk and Compliance (GRC) and Cybersecurity Training. Cybersecurity professionals who have the relevant qualifications, demonstrable competence and industry experience shall also be accredited in the above areas as part of the regulations.
Accreditation of Cybersecurity Establishments will apply to Digital Forensics facilities and Managed Cybersecurity Service facilities operating in the country.
Background on the Licensing and Accreditation Regime.
Prior to the promulgation of the Cybersecurity Act, 2020 (Act 1038) and the establishment of the Cyber Security Authority (CSA), no government institution had the mandate to regulate cybersecurity service providers (CSP), cybersecurity establishments (CEs) and cybersecurity professionals (CPs) and the sector was generally not regulated.
It has become necessary that the industry is regulated by the CSA, to control cybersecurity risks and to protect the interests and safety of the Public, Children, Businesses, and Government. With the increasing rate of cybercrimes, CSPs, CEs and CPs have become critical components for mitigating cybersecurity threats and vulnerabilities within Ghana’s fast-developing digital ecosystem in line with the Cybersecurity Act, 2020 (Act 1038).
Cybersecurity services by its nature, are sensitive and intrusive. Cybersecurity service providers (CSPs), Cybersecurity Establishments (CEs) and Cybersecurity Professionals (CPs) normally gain access to clients’ critical information assets thereby gaining knowledge of existing vulnerabilities and sensitive information, which could be potentially abused or exploited. It is also possible to have CSPs, CEs, and CPs who may not be competent or who may employ substandard processes to the detriment of Ghana’s digital ecosystem. In addition, some businesses or government agencies lack the capability of ascertaining the credibility or qualification of CSPs, CEs or CPs especially since there is no repository of licensed and accredited CSPs, CEs or CPs.
Furthermore, national security considerations are driving regulations in the sector to ensure only persons and institutions which are qualified and in good standing undertake these critical services. The Government, through the CSA, regulates the sector by providing a licensing framework in accordance with Sections 49 to 59 of Act 1038 to ensure that CSPs, CEs and CPs attain a higher level of compliance with Act 1038 and standards in line with international best practices.
This is to provide assurance to the public and other key stakeholders that the cybersecurity services they procure from industry will support in securing their assets and processes.
Section 57 of Act 1038 mandates the CSA to establish a mechanism to accredit cybersecurity professionals. Such an accreditation process provides recognition to accredited cybersecurity professionals, who have proven demonstrable competence in their specific cybersecurity profession.
Section 59 of Act 1038 further mandates the CSA to enforce cybersecurity standards and monitor compliance by public and private sectors including cybersecurity establishments or institutions.
Latest Stories
-
‘Expired’ rice scandal: FDA is complicit; top officials must be fired – Ablakwa
16 mins -
#TheManifestoDebate: We’ll provide potable water, expand water distribution network – NDC
34 mins -
IPR Ghana@50: Pupils educated to keep the environment clean
40 mins -
PenTrust CEO named ‘Best Pensions CEO’, company wins ‘Scheme Administrator Award’ at Ghana Accountancy & Finance Awards 2024
60 mins -
Alan Kyerematen’s ‘Brighter Future for Health Professionals’ in Ghana Revealed in Bono
1 hour -
#TheManifestoDebate: NPP will ensure a safer, cleaner and greener environment – Dr Kokofu
1 hour -
2024 Election: Police to deal with individuals who will cause trouble – IGP
1 hour -
Seychelles President’s visit rekindles historical and diplomatic ties with Ghana
1 hour -
Election 2024: EC destroys defective ballot papers for Ahafo and Volta regions
2 hours -
2024 Election: I am sad EC disqualified me, but I endorse CPP’s candidate – PNP’s Nabla
2 hours -
I want to build a modern, inclusive country anchored by systems and data – Bawumia to CSOs
2 hours -
Miss Health Ghana 2024: Kujori Esther Cachana crowned new Health Ambassador
2 hours -
Playback: The manifesto debate on WASH and climate change
2 hours -
Alan Kyerematen saddened by NDC and NPP’s neglect of Krofrom Market in the Ashanti Region
2 hours -
CSIR Executive Director urges farmers to adopt technology for improved farming
3 hours