The services to be covered under the current licensing regime include but not limited to the following:
NB: If the services a CSP intends to offer are not covered above, the CSP may still apply and the Authority will assess the application and make a determination, in accordance with the First Schedule of the Cybersecurity Act, 2020 (Act 1038).
To obtain a licence, a Cybersecurity Service Provider is required to meet a number of requirements, including: completion of online application form, description of services offered as well as the technical processes in offering such services, validation of accreditation status of cybersecurity professionals employed to deliver the service, submission and confirmation of business Registration status, submission of tax clearance certificate, and a proof or willingness to provide cybersecurity insurance coverage to cover potential losses arising from the delivery of cybersecurity services, among others.
Details of the requirements as well as the application process shall be made available to prospective cybersecurity service providers once they register to commence the application process.
The CSA shall within thirty (30) days of receipt of a complete application for a licence, inform the applicant of the decision via e-mail and/or online portal.
Yes, the licence of a Cybersecurity Service Provider may be revoked based on specific grounds including but not limited to the following
According to section 49 of Act 1038, operating without a licence as a Cybersecurity Service Provider in Ghana is an offence punishable by a penalty equivalent to the cost of damage caused and the financial gain made.
A licence granted is valid for two (2) years from the date specified on the licence.
A licenced Cybersecurity Service Provider who intends to continue operations shall not later than one (1) month before the expiration of the licence, apply to the Authority for a renewal of the licence.
The CSA may suspend a licence for not more than six (6) months where;
The applicant shall receive notification on the outcome of the licence application via email and/or the online portal of CSA.
An applicant can check the progress of the application via the CSA’s online portal.
Yes. Existing CSPs have a grace period of six (6) months from the date of commencement of this exercise to obtain a licence.
No. As specified in section 52 of Act 1038. A person who transfers a licence commits an offence which may lead to the payment of fines and/or a term of imprisonment.
The types of CEs to be accredited are:
NB: If the operations a CE intends to perform are not covered above, the CE may still apply, and the Authority will assess the application and make a determination.
To obtain an accreditation, a Cybersecurity Establishment is required to meet a number of requirements, including: completion of online application form, description of services offered as well as the technology set up in offering such services, submission of standard operating procedures, validation of accreditation status of cybersecurity professionals employed to deliver the service, submission and confirmation of business Registration status, among others.
Details of the requirements as well as the application process shall be made available to prospective cybersecurity establishments once they register to commence the application process.
The CSA shall within thirty (30) days of receipt of a complete application for an accreditation certificate, inform the applicant of the decision of the Authority via e-mail and/or online portal.
An accreditation certificate is valid for two (2) years from the specified date of issuance.
An accredited CE which intends to continue operations shall, not later than one (1) month before the expiration of the accreditation certificate, apply to the Authority for a renewal of the accreditation certificate.
Yes, the accreditation of a CE may be revoked based on grounds which include the following: The CSA may suspend an accreditation for not more than six (6) months where;
Yes. The accreditation of a CE may be revoked based on grounds which include but are not limited to the following;
The applicant shall receive notification on the outcome of an application via email and/or the online portal of CSA.
An applicant can check the progress of the application via the CSA’s application portal.
No, an accreditation cannot be transferred to another CE.
Section 97 of the Cybersecurity Act, 2020 (Act 1038) defines a Cybersecurity Professional as a person accredited under this Act to perform a cybersecurity-related professional function.
To obtain an accreditation, a Cybersecurity Professional (CP) is required to meet a number of requirements, including completion of an online application form, applicant’s national ID (Ghana card), (for foreigners, a non-citizen Ghana Card or photocopy of the biodata page of a valid passport), submission of a Curriculum Vitae (CV) that clearly shows the applicant’s relevant experiences in cybersecurity, submission of a recommendation or reference, and an undertaking to undergo background checks and verification, among others.
Details of the requirements as well as the application process shall be made available to prospective cybersecurity professionals once they register to commence the application process.
To obtain an accreditation, a foreign-based Cybersecurity Professional (CP) is required to meet a number of requirements, including completion of online application form, submission of background check report issued by competent authority of the country of origin or the country of residence for the past five (5) years, submission of bio-data page of a valid travel document, evidence of a job or consultancy offer or an intention by a Ghanaian-based entity to offer a cybersecurity job or consultancy, submission of relevant academic and professional qualifications and certifications for verification, submission of insurance cover where applicable, proof of membership of a cybersecurity professional body and recommendations issued by current/previous employer or firm which contracted the services of the applicant, among others.
Details of the requirements as well as the application process shall be made available to prospective cybersecurity professionals once they register to commence the application process.
The CSA shall within thirty (30) days of receipt of a complete application for accreditation, inform the applicant of the decision of the CSA via e-mail and/or online portal.
Yes. The CSA may suspend an accreditation for not more than six (6) months where;
The CSA may suspend an accreditation for not more than six (6) months based on the grounds stated in the accreditation conditions such as when certificate holder fails to renew the accreditation certificate not later than one (1) month before the expiration of the accreditation, among others.
The applicant shall receive notification on the outcome of an application via email and/or the online portal of CSA.
An accreditation certificate is valid for two (2) years from the date specified on the certificate.
An accredited CP who intends to continue operations shall, not later than one (1) month before the expiration of the certificate, apply to the Authority for a renewal of the accreditation certificate.
An applicant can check the progress of an application via the online portal of CSA.
No. An accreditation certificate cannot be transferred to another CP.