Cyber Security service providers, professionals required to obtain licences effective January 1, 2023

The Acting Director-General of the Cyber Security Authority, Dr. Albert Antwi-Boasiako says effective January 1, 2023, cyber security service providers and cyber security professionals would be required to operate with a licence or accreditation from the Authority. 

Speaking on The Law programme with host Samson Lardy Anyenini, he said it has become critical to maintain professional standards.

“Look at our banking system, momo interoperability, the paperless port, our national ID system- now is that an area you can just allow anybody to go there because he has a Masters in cyber security? Minimum, anybody who desires to exercise a profession in that area ought to meet the fit and proper person test. I think that is the basic litmus test that professionals ought to go through. 

It is a sensitive environment. When you conduct assessments or audits, in a banking or communication environment, you are likely to see that cleints have sensitive information. You may be exposed to sensitive personal information as well. Therefore we cannot just allow anybody, irrespective of the skill set to just conduct this activity,” he said.

The directive is aimed at implementing sections 49-56 of the Cybersecurity Act, 2020 (Act 1038). Sections 49 and 50 allow the Cyber Security Authority and the sector Minister, to issue directives and regulations to an owner of a critical information infrastructure, a cybersecurity service provider, or a service provider.

“Anyone who fails to acquire a licence, but then exercises a cybersecurity service will have to face certain consequences,” he further said.