The Cyber Security Authority (CSA) has set September 30, 2023 as the deadline for cybersecurity service providers (CSPs), cybersecurity establishments (CEs), and cybersecurity professionals (CPs) to obtain the necessary licence and accreditation.
Subsequently, it said, public sector institutions will only engage CSPs, CEs and CPs that possess CSA-approved licencing and accreditation, thus aligning with Act 1038 and the Guidelines for CSP licencing and CES and CP accreditation.
Since the exercises commenced on March 1, 2023, a total of 448 cybersecurity professionals, 25 cybersecurity establishments and 92 cybersecurity service providers have registered for the licencing and accreditation process, the CSA disclosed.
Announcing the latest developments at a joint press conference between the CSA and Public Procurement Authority (PPA) in Accra, Director-General of the CSA, Dr. Albert Antwi-Boasiako, declared that the country will become a pioneer nation in Africa – joining a select global group including Singapore to introduce a licencing regime for cybersecurity service providers, as well as an accreditation process for cybersecurity establishments and professionals when the regulation is finally enforced.
“Cyber is a global commodity, and you need to adopt certain best practices which are consistent with international best practices. But it’s a question of waiting for other countries to start first before you do. Ghana is leading the way in this direction, and the process has been smooth so far in terms of the registration processes and others,” he said.
He added: “Again, this exercise will complement Ghana’s efforts in improving its International Telecommunication Union’s (ITU) Global Cybersecurity Index ranking from 3rd to 1st in Africa, and among the world’s top 25”.
Partnership with PPA
The Director-General also revealed a partnership with the Public Procurement Authority, which will take effect from October 1, 2023 – after the September deadline – and subject cybersecurity entities to rigorous procurement procedures before they can deal with public sector institutions.
This, he said, will ensure a robust and thorough vetting process for cybersecurity service providers before their involvement in government projects.
Considering the cross-sectorial nature of cybersecurity and its effects on the country’s socio-economic development, Dr. Antwi-Boasiako said it is expedient that the CSA collaborates with key agencies to ensure adequate systems and processes are put in place to promote cyber-resilience across sectors.
Other areas of the collaboration include ensuring that covered entities – in procuring cybersecurity services by the Guidelines developed pursuant to Act 1038 – engage cybersecurity service providers that are licenced by the CSA; and ensuring that covered entities engage cybersecurity establishments and cybersecurity professionals who are accredited by the CSA in performing cybersecurity-related functions.
PPA welcomes collaboration
Chief Executive Officer (CEO) of the Public Procurement Authority (PPA), Frank Mante, on his part said the collaboration with CSA will contribute to the PPA’s overall objective of harmonizing the processes of public procurement in the public service to secure a judicious, economic and efficient use of state resources.
He assured that the Authority will “ensure compliance with standards and incorporate CSA licencing and accreditation into the qualification and prequalification criteria for selecting cybersecurity service providers, cybersecurity establishments and cybersecurity professionals to be engaged by public sector institutions”.
“Government, through the CSA and other relevant agencies such as the PPA, has a shared responsibility of addressing cybersecurity matters and is committed to fighting cybercrime and maintaining the public safety of citizens online. This partnership will ensure that best practices are observed, especially by ensuring that only CSA-certified experts provide cybersecurity services in the public sector,” he added.