<<Print>>

The Cyber Security Authority(CSA) has announced the commencement of the process of licensing Cybersecurity Service Providers (CSPs), accreditation of Cybersecurity Establishments (CEs) and Cybersecurity Professionals(CPs).

This is in pursuant to the Cybersecurity Act, 2020 (Act 1038), sections 4(k), 49, 50, 51, 57 and 59,which mandates the Authority to regulate the above activities.

The intent of the regime is to ensure regulatory compliance with the Cybersecurity Act, 2020 (Act 1038) and to certify that CSPs, CEs and CPs offer their services in accordance with approved standards and procedures in line with domestic requirements and industry best practices.

This information was contained in a press release issued by the Cyber Security Authority in Accra.

The release further added; “The licensing and accreditation regime will take effect fromMarch1, 2023,and will apply to existing and new CSPs, CEs and CPs.For a start, CSA will licenseCybersecurity Service Providers in five key areas, namely; Vulnerability Assessment and Penetration Testing (VAPT), Digital Forensics Services, Managed Cybersecurity Services, Cybersecurity Governance, Risk and Compliance(GRC) and Cybersecurity Training.

"Cybersecurity professionals who have the relevant qualifications, demonstrable competence and industry experience shall also be accredited in the above areas as part of the regulations.Accreditation of Cybersecurity Establishments will apply toDigitalForensics facilities and Managed Cybersecurity Service facilities operating in the country.”

It continued; “Prior to the promulgation of the Cybersecurity Act,2020(Act1038)and the establishment of the Cyber Security Authority (CSA), no government institution had the mandate to regulate cybersecurity service providers (CSP), cybersecurity establishments (CEs) and cybersecurity professionals (CPs) and the sector was generally not regulated.”

The Cyber Security Authority emphasized in their press release that “it has become necessary that the industry is regulated by the CSA, to control cybersecurity risks and to protect the interests and safety of the Public, Children, Businesses, and Government. With the increasing rate of cybercrimes, CSPs, CEs and CPs have become critical components for mitigating cybersecurity threats and vulnerabilities within Ghana’s fast-developing digital ecosystem in line with the Cybersecurity Act, 2020 (Act 1038)”.