Program comprises separate security marks aimed at SMEs and enterprises

Singaporean cybersecurity agency launches certification scheme for businesses

The Cyber Security Agency of Singapore (CSA) has launched a certification program to incentivize businesses of various sizes to bolster their security posture.

Launched on March 29, the scheme comprises two certifications developed following consultation with certification practitioners, technology providers, and trade associations, says CSA.

A ‘Cyber Essentials’ mark, whose name mirrors that of a similar UK program, will be granted to small- and medium-sized enterprises (SMEs) that demonstrate adoption of baseline cybersecurity measures to protect themselves from cyber-attacks.

Cyber Trust, meanwhile, has more exacting criteria and is reserved for larger enterprises with lower risk appetites and more resources.


RECOMMENDED Attackers getting faster at latching onto unpatched vulnerabilities for stealth hacking campaigns


CSA said it would, in the next couple of months, publish a complementary document that will outline tiered cybersecurity measures, such as installing anti-malware solutions and protecting backups from unauthorized access, to address the risk profiles of various enterprises.

Organizations will be supported in their bids to gain certifications by a toolkit and ecosystem of partners offering privacy and security products and services.

Eight independent certification bodies have been appointed to oversee the scheme, which will be promoted through trade associations and chambers of commerce.

Pilot scheme

CSA has already piloted the frameworks with companies including Kestrel Aero, which charters flights for medical among other applications.

“We handle sensitive documents on a day-to-day basis such as passports, medical reports, crew certifications and detailed registration information of the aircraft we use,” said Dev Nath Mahendran, general manager at Kestrel Aero.

“There is a requirement for us to store these details for a certain period of time, be it for reference or auditing purposes, and we knew that if we are compliant with and uphold recognised level standards for cybersecurity, our partners, clients and customers will be more comfortable trusting our organisation with their data.”


Read more of the latest cybersecurity news from Asia


David Leong, director at Bencoolen Enterprises, master franchisee of Andersen’s of Denmark Ice Cream Singapore, which also participated, said: “These benchmarks and guidelines were developed in a way that can be understood by SMEs like us” and “will illuminate cyber blind spots”.

David Koh, chief executive of CSA, said: “Supply chain cyber-attacks will continue to proliferate in the digital space, and in time to come, companies could be required to demonstrate their cybersecurity posture when they conduct business as a way of providing greater assurance to their customers.”


YOU MIGHT ALSO LIKE ‘Dangerous’ EU web authentication plan threatens to undercut browser-led certification system, detractors claim