At the tail end of September 30 2023, all providers and practitioners involved in the field of cybersecurity within the country are required to undergo the process of registration, obtaining licenses, and securing accreditation from the Cyber Security Authority (CSA).
Failing to adhere to this directive, as stated by Dr. Albert Antwi-Boasiako, the Director-General of CSA, would lead to the imposition of administrative penalties and potential legal action. Furthermore, those who do not comply will not be considered for offering their services to state entities and institutions.
Dr. Antwi-Boasiako made these remarks during a joint press conference held in Accra, accompanied by the Public Procurement Authority (PPA). The purpose of this press conference was to announce the implementation of the requirement for security service providers and professionals to obtain proper licensing and accreditation before rendering their services to state establishments.
Highlighting the legal context, Dr. Antwi-Boasiako pointed out that Sections 49, 57, and 58 of the Cyber Security Act (Act 1038) mandated the CSA to oversee the licensing of Cybersecurity Service Providers (CSPs) and the accreditation of Cybersecurity Establishments (CES) and Cybersecurity Professionals (CPs).
The objective behind the licensing and accreditation, he elaborated, was to ensure that CSPs, CES, and CPs across the nation conduct their cybersecurity-related activities in alignment with internationally approved best practices. This approach would offer increased confidence in cybersecurity and safety for consumers while also addressing concerns related to national security.
Up to the present moment, Dr. Antwi-Boasiako informed that a total of 448 cybersecurity service professionals, 25 establishments, and 92 service providers have completed registration for the licensing and accreditation process since it began on March 1 of this year.
He further explained that the CSA is working in collaboration with the PPA, a key state entity, to enforce the guidelines pertaining to the Licensing of CSPs and the Accreditation of CES and CPs, particularly concerning state institutions that procure cybersecurity services.
“The focused areas of collaboration include ensuring that Covered Entities, in procuring cybersecurity services in accordance with the Guidelines developed pursuant to Act 1038, engage Cybersecurity Service Providers who are licensed by the CSA; and ensuring that state institutions engage Cybersecurity Establishments and Cybersecurity Professionals who are accredited by the CSA in performing cybersecurity- related functions.
Through this collaboration, the PPA will ensure that as part of vetting procurement applications to the PPA Board, cybersecurity issues are considered and Cybersecurity Service Providers who submit applications to the PPA Board are accredited by the CSA before being considered for any form of engagement,” Dr Antwi-Boasiako added.
According to him, the implementation of this regulation would position Ghana as a pioneer in Africa, joining a limited number of countries globally, such as Singapore, that have introduced a licensing system for Cybersecurity Service Providers and a framework for accreditation for Cybersecurity Establishments and Professionals.
Additionally, he pointed out that this move would align with Ghana’s endeavors to elevate its ITU Global Cybersecurity Index ranking from 3rd place to the top position in Africa, as well as secure a place among the top 25 globally.
He went on to mention that, since the initiation of this regulatory initiative, the CSA has collaborated with various agencies, institutions, and associations involved in providing cybersecurity-related services. He urged the public to rally behind the Authority in its efforts to bolster cyber safety.
Frank Mante, the Chief Executive Officer of the PPA, affirmed that the Authority is committed to ensuring that state institutions exclusively engage companies and professionals who possess CSA licenses and accreditation as part of their qualification prerequisites for any contracts pertaining to cybersecurity.
He emphasized that the PPA is dedicated to enforcing compliance with established standards and will incorporate CSA licensing and accreditation as key factors in the qualification and pre-qualification criteria for the selection of Cybersecurity Service Providers, Cybersecurity Establishments, and Cybersecurity Professionals.
Mante also stated that the PPA is resolute in fulfilling its mandate of collaborating with the CSA to address cybersecurity concerns, combat cybercrime, and safeguard the online well-being of the public.
“This partnership will ensure that best practices are observed, especially by ensuring that only CSA licensed experts provide cybersecurity services in the public sector,” Mr Mante added.