Singapore rolls out cyber security certification scheme

Singapore’s Cyber Security Agency (CSA) has launched a new cyber security certification scheme to recognise organisations with good cyber security practices.

Comprising two cyber security marks, Cyber Essentials and Cyber Trust, the scheme was developed in consultation with certification practitioners, technology providers and trade associations, taking into consideration the organisational profiles and operational needs of enterprises in Singapore.

Cyber Essentials is aimed at helping small and medium-sized enterprises (SMEs), which tend to have limited cyber security resources, adopt cyber security measures to protect their systems, such as data backups, access controls and incident response.

For larger firms, Cyber Trust will provide a risk-based approach to help them understand their risk profiles and identify relevant cyber security preparedness areas required to mitigate security risks.

This is done through five cyber security preparedness tiers that correspond to an organisation’s risk profile, with each tier comprising 10 to 22 domains such as governance, cyber education, information asset protection and cyber security resilience, among others.

Led by CSA and the Singapore Standards Council (SSC) with support from the Infocomm Media Development Authority, the preparedness tiers are part of a Technical Reference (TR) on cyber security standards which is expected to be published in the second quarter of 2022.

CSA said the new two cyber security marks do not certify the cyber security of specific products or services. Rather, they certify the cyber security measures adopted by an organisation.

In rolling out the certification programme, CSA has appointed eight independent certification bodies for enterprises applying for either Cyber Essentials or Cyber Trust. While the security marks are not mandatory, CSA said it will work with industry partners, such as trade associations and business groups to encourage adoption.

David Koh, chief executive of CSA, said the security certification scheme is timely and that companies could be required to demonstrate their cyber security to provide greater assurance to their customers. “Having the certification reflects the…