Companies that provide penetration testing and managed security operations center (SOC) monitoring services, in particular, will need a license to operate in Singapore. According to the Cyber Security Authority (CSA) Singapore, these include organizations and individuals directly involved in such services, third-party vendors who support these companies, and resellers of licensable cybersecurity services.
The license structure, which goes into effect on April 11, is based on the country's Cybersecurity Act and aims to better protect consumers' interests, according to the industry regulator. It also helped to raise the standards and reputation of service providers over time.
The two service categories were chosen as a starting point for the licensing regime, according to the CSA, because suppliers of these services have extensive access to their customers' ICT systems and sensitive data.
The client's business could be affected if such access is misused, according to the regulator.
Existing vendors who provide any or both of the service categories have until October 11, 2022 to apply for a license. Those who do not do so promptly will be forced to stop offering the service until a license is secured.