The Cyber Security Authority (CSA) has been established by the Cybersecurity Act, 2020 (Act 1038) to regulate cybersecurity activities in the country. Pursuant to sections 4(k), 49, 50, 51, 57 and 59 of the Cybersecurity Act, 2020, the Authority hereby announces the commencement of the process of licensing Cybersecurity Service Providers (CSPs), and accreditation of Cybersecurity Establishments (CEs) and Cybersecurity Professionals (CPs).
The Licensing of CSPs and the accreditation of CEs and CPs is to ensure
All enquiries may be directed to compliance@csa.gov.gh. You can also refer to the Frequently Asked Questions
S/N | REGULATORY ACTIVITY | DESCRIPTION | SERVICES/APPLICABILITY | COMMENCEMENT DATE |
---|---|---|---|---|
1 | Licensing of Cybersecurity Service Providers | This licensing regime applies to existing and new CSPs. A CSP is an entity licensed under Act 1038 to provide a cybersecurity service. A cybersecurity service is a service for reward that is intended primarily for or aimed at ensuring or safeguarding the cybersecurity of a computer or computer system belonging to a person, and includes the services enumerated in the First Schedule of Act 1038. page 62-63 |
Under this regulatory activity, licensing will consider service providers implementing the following responsibilities:
|
March 1, 2023 |
2 | Accreditation of Cybersecurity Establishments | The accreditation regime applies to existing and new CEs. CEs include digital forensic laboratories and managed cybersecurity service facilities established to investigate cybercrimes and mitigate cybersecurity incidents |
Under this category, accreditation will take into cognizance the following:
|
March 8, 2023 |
3 | Accreditation of Cybersecurity Professionals | This accreditation applies to all CPs and provide the general and specific accreditation procedures and requirements for CPs in Ghana. This aims to ensure that persons who hold themselves out as CPs are, first of all, fit and proper to render such services, given the sensitive nature of cybersecurity. Further, this is to ensure that these CPs have the requisite skillset and competence; and meet the set standards for offering sufficient protection of the computer systems and networks in our digital ecosystem. |
Under this category, accreditation applies to professionals with requisite qualification and experience in the following services:
|
March 15, 2023 |