Singapore rolls out cybersecurity certification scheme
Singapore’s Cyber Security Agency (CSA) has launched a new cybersecurity certification scheme to recognise organisations with good cybersecurity practices. Comprising two cybersecurity marks, Cyber Essentials and Cyber Trust, the scheme was developed in consultation with certification practitioners, technology providers and trade associations, considering the organisational profiles and operational needs of enterprises in Singapore.
Cyber Essentials is aimed at helping small and medium-sized enterprises (SMEs), which tend to have limited cybersecurity resources, adopt cybersecurity measures, such as data backups, access controls, and incident response, to protect their systems.
For larger firms, Cyber Trust will provide a risk-based approach to help them understand their risk profiles and identify relevant cybersecurity preparedness areas required to mitigate security risks. This is done through five cybersecurity preparedness tiers corresponding to an organisation’s risk profile. Each tier comprises 10 to 22 domains, such as governance, cyber education, information asset protection, and cyber security resilience.
Led by CSA and the Singapore Standards Council (SSC) with support from the Infocomm Media Development Authority, the preparedness tiers are part of a Technical Reference (TR) on cybersecurity standards, which is expected to be published in the second quarter of 2022. CSA said the two new cybersecurity marks do not certify the security of specific products or services. Rather, they certify the cybersecurity measures adopted by an organisation.
In rolling out the certification programme, CSA has appointed eight independent certification bodies for enterprises applying for either Cyber Essentials or Cyber Trust. While the security marks are not mandatory, CSA said it would work with industry partners, such as trade associations and business groups, to encourage adoption.
David Koh, chief executive of CSA, said the security certification scheme is timely and that companies could be required to demonstrate their cybersecurity to provide greater assurance to their customers. “Having the certification reflects the company’s commitment to ensure that they remain cyber secure, giving them an edge over their competitors,” he added.
To help organisations address the requirements of the security marks, the CSA has developed a tool kit for IT teams comprising resources such as templates for tracking information assets and products or services from an initial ecosystem of partners. Prior to the launch of the certification scheme, CSA worked with organisations such as e-commerce giant Lazada to “road-test” the certification requirements and gather feedback on the certification process. “CSA’s Cyber Trust provides a comprehensive and structured approach to assess the cybersecurity posture of larger business organisations, and also helps them to build a road map to further improve management processes and risk strategies,” said Yuezhong Bao, chief information security officer at Lazada Group.
“Lazada is participating in this programme to demonstrate the reliability and security of information systems and help increase business resilience in this evolving and complex cyber environment,” he added.