All cyber security service providers and professionals in the country are expected to register for license and accreditation from the Cyber Security Authority (CSA) by September 30 this year.
Failure to do so, according to Dr Albert Antwi-Boasiako, Director-General of CSA, would result in the imposition of administrative penalties and possible prosecution.
Additionally, he said, the providers and professionals would not be considered for service provision to state entities and institutions.
He was speaking at a joint press conference in Accra yesterday with the Public Procurement Authority (PPA) to announce the enforcement of the requirement for security service providers and professionals to be licensed and accredited before providing service to state institutions.
Dr Antwi-Boasiako noted that, the CSA was mandated by Sections 49, 57 and 58 of Cyber Security Act, (Act 1038) to License Cybersecurity Service Providers (CSPs) and Accredit Cybersecurity Establishments (CES) and Cybersecurity Professionals (CPs).
The licensing and accreditation, he explained, was to ensure that CSPs, CES and CPs throughout the country carry out cybersecurity-related activities in accordance with approved international best practice while providing greater assurance of cybersecurity and safety to consumers and addressing national security concerns.
So far, he indicated that 448 cyber security service professionals, 25 establishments and 92 service providers have been registered for licensing and accreditation since the commencement of the exercise in March 1 this year.
The Director-General stated that the CSA collaborating with PPA as a key state agency with the objective of enforcing the guidelines for the Licensing of CSPs and Accreditation of CES and CPs, as it applies to state institutions procuring cybersecurity services.
“The focused areas of collaboration include ensuring that Covered Entities, in procuring cybersecurity services in accordance with the Guidelines developed pursuant to Act 1038, engage Cybersecurity Service Providers who are licensed by the CSA; and ensuring that state institutions engage Cybersecurity Establishments and Cybersecurity Professionals who are accredited by the CSA in performing cybersecurity- related functions.
Through this collaboration, the PPA will ensure that as part of vetting procurement applications to the PPA Board, cybersecurity issues are considered and Cybersecurity Service Providers who submit applications to the PPA Board are accredited by the CSA before being considered for any form of engagement,” Dr Antwi-Boasiako added.
The enforcement of the regulation, he said, would make Ghana the first country in Africa, and one of the few in the world such as Singapore, to introduce a licensing regime for Cybersecurity Service Providers and accreditation for Cybersecurity Establishments and Professionals.
Also, he stated that, it would complement Ghana’s efforts in improving its ITU Global Cybersecurity Index ranking from 3rd to 1st in Africa and among the top 25 in the world.
He said, since the commencement of the regulatory exercise, the CSA had engaged agencies, institutions and associations that offer cybersecurity-related services and called on the public to support the Authority enhance cyber safety.
Chief Executive Officer of PPA, Frank Mante said the Authority would ensure that as part of qualification requirements, state institutions engage only firms and professionals that were licensed and accredited by the CSA for all contract relating to cybersecurity.
The Authority, he noted, would ensure compliance with standards and incorporate CSA licensing and accreditation into the qualification and pre-qualification criteria for the selection of Cybersecurity Service Providers, Cybersecurity Establishments, Cybersecurity Professionals.
He stated that the PPA was committed to its responsibility of working with the CSA to address cybersecurity matters as well as fighting cybercrime and maintaining the public safety of citizens online.
“This partnership will ensure that best practices are observed, especially by ensuring that only CSA licensed experts provide cybersecurity services in the public sector,” Mr Mante added.