The Cyber Security Authority (CSA) on Wednesday, March 1 commenced the implementation of licensing Cybersecurity Service Providers (CSPs), accrediting Cybersecurity Establishments (CEs) and Cybersecurity Professionals (CPs), pursuant to the Cybersecurity Act, 2020 (Act 1038), sections 4(k), 49, 50, 51, 57 and 59.
The purpose of the regime is to ensure regulatory compliance with the Cybersecurity Act, 2020 (Act 1038) and to certify that CSPs, CEs and CPs offer their services in accordance with approved standards and procedures in line with domestic requirements and industry best practices.
Regrading the scope of Licence and Accreditation, the CSA said given the critical role Cybersecurity Establishments such as digital forensic laboratories and managed cybersecurity services play in securing Ghana’s digital ecosystem, it is imperative that processes and technology used by such establishments are in line with international best practices and standards adopted by the Authority.
It has therefore become essential that the Authority, in line with Section 59(3) of Act 1038, takes the necessary measures such as licensing CSPs and accrediting CEs and CPs to ensure that recognised standards have been met.
“The regulatory process starts with the licensing of existing and new CSPs, which will
subsequently be followed by the accreditation of CEs and CPs,” it said in a statement.
CSA will license CSPs and accredit CPs with requisite expertise in Vulnerability Assessment and Penetration Testing, Digital Forensics Services, Managed Cybersecurity Services, Cybersecurity Governance, and Risk and Compliance.
Accreditation to Cybersecurity Establishments will consider Digital Forensics Facilities and Managed Cybersecurity Service Facilities.
Under the regime, existing CSPs, who are already engaged in the business of providing cybersecurity services will be given six months (from March 1 to September 30, 2023) to apply for a licence. A CSP who fails to obtain a licence within this period will have to cease operation until a licence is obtained from the Authority.
Regarding the benefits to industry and the country, the statements aid “It has become necessary that the industry is regulated to control cybersecurity risks and protect the interests and safety of the Public, Children, Businesses, and Government. With the increasing rate of cybercrimes, CSPs, CEs and CPs have become critical components for mitigating cybersecurity threats and vulnerabilities within Ghana’s fast-developing digital ecosystem in line with the Cybersecurity Act, 2020 (Act 1038).
