Cyber Security Authority extends deadline for licensing, accreditation
The Cyber Security Authority (CSA) has extended the deadline for the licensing and accreditation of cybersecurity service providers (CSPs), cybersecurity professionals (CPs), and cybersecurity establishments (CEs).
Originally set to end on September 30, 2023, the timeline has been extended to December 31, 2023, to allow industry players who have not commenced the process to do so in compliance with the Cybersecurity Act 2020 (Act 1038).
In a statement announcing the extension, the CSA explained that the extension was also in line with its adaptation of a collaborative approach to regulate the industry and the need to create an enabling and vibrant ecosystem that allowed for the development of the industry.
It, therefore, urged applicants who had registered on the CSA’s licensing and accreditation portal but were yet to submit completed applications to take advantage of the new timeline and do so within this period of extension.
Licensing
Ghana is the first country in Africa and the second in the world after Singapore to trigger a regulatory framework to license the cybersecurity sector.
The purpose is to provide a streamlined mechanism for ensuring that CSPs, CEs, and CPs offer their services in accordance with approved standards and procedures in line with domestic requirements and international best practices.
That will also provide greater assurance of cybersecurity and safety to consumers while addressing national security concerns.
Sensitisation
Ahead of the implementation, the CSA held a series of sensitisation activities including organising public consultation sessions to solicit input from key stakeholders, including academia, industry, civil society and the government, on the regime.
Also, the regulatory body is collaborating with other stakeholders to ensure compliance.
For instance, at a recent joint press conference between the CSA and the Public Procurement Authority (PPA), the two institutions joined forces to ensure that entities procuring cybersecurity services did so in accordance with the guidelines developed pursuant to Act 1038.
The regulation also applies to covered entities to engage cybersecurity service providers, cybersecurity establishments, and cybersecurity professionals who are licensed by the CSA in performing cybersecurity-related functions.
The regulatory framework is in tune with Section 2 of the Public Procurement Act to guarantee that public procurement is done in a fair, transparent and non-discriminatory manner as required by law.