Licensing Of Cybersecurity Service Providers Commences

The Cybersecurity Authority (CSA) has began licensing Cybersecurity Service Providers (CSP).

It is also accrediting Cybersecurity Establishments (CEs) and Cybersecurity Professionals (CPs).

The exercise began on March 1, 2023.

The exercise is in pursuant to the Cybersecurity Act, 2020 (Act 1038), sections 4(k), 49, 50, 51, 57 and 59.

In a statement the Authority said, the regulatory exercise starts with the licensing of existing and new CSPs, followed by the accreditation of CEs and CPs.

It explained that this will ensure that processes and technology used by Cybersecurity Establishments such as digital forensic laboratories and managed cybersecurity services are in line with international best practices and standards adopted by the Authority.

Licensing

The CSA will license CSPs and accredit CPs with requisite expertise in Vulnerability Assessment and Penetration Testing, Digital Forensics Services, Managed Cybersecurity Services, Cybersecurity Governance, Risk and Compliance.

“Accreditation to Cybersecurity Establishments will consider Digital Forensics Facility and Managed Cybersecurity Service Facility.”

In line with the process, existing CSPs, who are already engaged in the business of providing cybersecurity services have from March 1 to September 30, 2023 to apply for a licence.

A CSP who fails to obtain a licence at end of the earmarked period will have to cease operation until a licence is obtained from the Authority, the statement said.

Meanwhile, a CSP who applies for a licence by September 30, may continue to provide its service until a decision on the application has been made by the Authority.

A licence or accreditation granted is valid for two (2) years from the date of issuance.

Consequences

According to the Authority, CSPs who fail to get a licence will be liable to pay administrative penalties.

The penalty will take effect after the end of September this year.

Benefits

The exercise is meant to control cybersecurity risks and protect the interests and safety of the public, children, businesses, and government, the CSA held.

“With the increasing rate of cybercrimes, CSPs, CEs and CPs have become critical components for mitigating cybersecurity threats and vulnerabilities within Ghana’s fast-developing digital ecosystem.”

It is also meant to ensure the targeted entities have the requisite skill-set and competence and meet the established standards for offering sufficient protection of the computer systems and networks in the country’s digital ecosystem.

Additionally, the exercise is meant to provide assurance of cybersecurity and safety to consumers.

Read The Full Statement Here: CSA On Service Providers Licensing

Source: opemsuo.com/Hajara Fuseini