Search for:

Providers of managed security operations centre monitoring services and penetration testing services have to apply for the required license by 11 October 2022

In brief

Providers of managed security operations centre monitoring services and penetration testing services, collectively referred to as licensable cybersecurity services (LCS), should note that Part 5 of (and the Second Schedule to) the Cybersecurity Act 2018 will enter into force on 11 April 2022, implemented by the Cybersecurity (Cybersecurity Service Providers) Regulations 2022. To assist LCS providers in applying for the required licenses, the Cybersecurity Services Regulation Office has published an online collection of resources including application guides and a licensee information package.

Below is a summary of the background and aims of this licensing framework, as well as the criteria for the granting of an LCS licence, the timeframe and the procedure.


Background to licensing framework

One of the objectives of the Cybersecurity Act, which establishes a legal framework for the oversight and maintenance of national cybersecurity in Singapore, is to establish a “light-touch” licensing framework for the cybersecurity service providers. This licensing framework supports the efforts by the Security Agency of Singapore (CSA) to raise awareness and encourage adoption of cybersecurity solutions by businesses by addressing three main considerations:

  • Ensuring LCS are “fit and proper”, capable of reducing safety and security risks due to LCS’ significant access into their clients’ computer systems and networks, and their deep understanding of their clients’ cybersecurity posture and vulnerabilities
  • Introducing a licensing framework, which at the outset will be light-touch and will impose no quality requirements, akin to a registration regime, but with progressive raising of the quality of cybersecurity service providers (CSPs) through the future introduction of a code of ethics and certain baseline competency requirements
  • Assisting potential clients, especially smaller buyers who do not have in-house cybersecurity expertise, identifying credible CSPs appropriate for their risks and budget and increasing the demand for such services

The CSA ran an industry consultation on the proposed license conditions and subsidiary legislation from 20 September 2021 to 18 October 2021. On 11 April 2022, the CSA’s overview of the feedback was released with responses received on specific areas of feedback, which we will note below in explaining specific points of the criteria for the granting of a LCS license and the licensing conditions.

Click here to access full alert.

* * * * *

LOGO_Wong&Leow_Singapore

© 2022 Baker & McKenzie.Wong & Leow. All rights reserved. Baker & McKenzie.Wong & Leow is incorporated with limited liability and is a member firm of Baker & McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “principal” means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an “office” means an office of any such law firm. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.

Author

Andy Leck is the managing principal of Baker McKenzie.Wong & Leow. Mr. Leck is recognised by the world’s leading industry and legal publications as a leader in his field. Asian Legal Business notes that he “always gives good, quick advice, [is] client-focused and has strong technical knowledge for his areas of practice”. Alongside his current role as managing principal, Mr. Leck has held several leadership positions in the Firm and externally as a leading IP practitioner. He currently serves on the International Trademark Association's Board of Directors and is a member of the Singapore Copyright Tribunal.

Author

Ken Chia is a member of the Firm’s IP Tech, International Commercial & Trade and Competition Practice Groups. He is regularly ranked as a leading TMT and competition lawyer by top legal directories, including Chambers Asia Pacific and Legal 500 Asia Pacific. Ken is an IAPP Certified International Privacy Professional (FIP, CIPP(A), CIPT, CIPM) and a fellow of the Chartered Institute of Arbitrators and the Singapore Institute of Arbitrators.