Cyber security Service Providers (CSPs), Cybersecurity Establishments (CEs) and Cybersecurity Professionals (CPs) have until September 30, 2023, to obtain a license or accreditation to operate in the Cybersecurity space.
Following which public sector institutions will be required to engage CSPs, CEs and CPs licensed and accredited by the Cyber Security Authority in compliance with Act 1038 and the Guidelines for the licensing of CSPs and accreditation of CES and CPs.
The Executive-Director-General of the Cyber Security Authority (CSA), Dr Albert Antwi-Boasiako, made this known at a joint press conference between the Authority and the Public Procurement Authority (PPA) in Accra on the enforcement of the licensing of CSPs and accreditation of CEs and CPs in Ghana.
So far, 448 Cyber security Professionals, 92 Cyber security Service Providers and 25 Cyber security Establishments have registered to be licensed and accredited.
Dr Antwi-Boasiako said subsequently, the compliance requirement of the PPA would take effect from October 1, 2023, to ensure that cyber security entities are subjected to stringent procurement processes.
He said when the regulation is finally enforced, Ghana would become the first country in Africa, and one of the few in the world after the likes of Singapore, to introduce a licensing regime for Cybersecurity space.
“The exercise will complement Ghana’s efforts in improving its International Telecommunications Union Global Cyber security Index ranking from 3rd to 1st in Africa and among the top 25 in the world,” he added.
He said CSA was collaborating with PPA, with the objective of enforcing the guidelines for the Licensing of CSPs and Accreditation of CEs and CPs, as it applied to covered entities procuring cybersecurity services.
He said this would contribute to the overall objective of the PPA in harmonising the processes of public procurement in the public service to secure a judicious economic, and efficient use of state resources.
The focused areas of collaboration include ensuring that covered entities, in procuring cybersecurity services in accordance with the guidelines developed pursuant to Act 1038, engage Cybersecurity Service Providers, who are licensed by the Authority CSA.
He said it would also ensure that covered entities engage CEs and CPs, who were accredited by the CSA in performing cybersecurity- related functions.
“Through this collaboration, the PPA will ensure that as part of vetting procurement applications to the PPA Board, cyber security issues are considered and Cybersecurity Service Providers who submit applications to the PPA Board are accredited by the CSA before being considered for any form of engagement,” he added.
The Executive-Director said CSA through the PPA would also urge covered procurement entities to ensure compliance with standards and inculcate the licensing and accreditation provisions in their qualification and prequalification criteria for the selection of CSPs, CEs and CPs.
This is pursuant to provisions under Sections 22 and 23 of the Public Procurement Act, 2003 (Act 663), as amended, on the qualification and prequalification of tenderers and service providers.
“This partnership will also go a long way to supporting the PPA in training persons engaged in public procurement regarding the implementation of the Guidelines,” he said.
He said the Authority since the commencement of this regulatory exercise, engaged agencies, institutions and associations that offer cyber security-related services.
The Authority has utilised traditional and social media platforms to disseminate to the public the impact and importance of the exercise to Ghana’s cyber security development.
He said the regulatory exercise had significant benefits to the industry including national and global visibility, Cyber security Incident and Threat Intelligence Sharing, Industry Recognition and Profile, and Eligibility for Industry Forum Membership, among others.
The CSA through the partnership will ensure that best practices are observed especially in procuring cybersecurity services in the public sector.
Mr Frank Mante, the Chief Executive Officer of PPA, said Sections 49, 57 and 58 of Act 1038 mandated the Authority to license CSPs) and Accredit CEs and CPs.
He said considering the cross-sectoral nature of cybersecurity and its effects on the socio-economic development of the country, it was expedient that the Authority collaborated with key agencies to ensure that adequate systems and processes were put in place to promote cyber resilience across sectors.
The areas of collaboration include ensuring that procurement entities, in procuring cybersecurity services in accordance with the Guidelines developed pursuant to Act 1038, engage Cyber security Service Providers who are licensed and certified by the CSA.
He said the PPA would ensure that as part of qualification requirements, entities engage only firms that are licensed or certified by the CA for all contracts relating to cybersecurity.