What is this license about? How does it impact my business if I have an unlicensed VAPT provider?
The Cybersecurity Services Regulation Office (“CSRO”) was set up on 11 April 2022 to administer the licensing framework for the cybersecurity service provider (“CSP”) under the Cybersecurity Act which aims to address three main considerations over time:
(a) Provide greater assurance of security and safety to consumers;
(b) Improve the standards and standing of CSP; and
(c) Address the information asymmetry between consumers and the CSP.
Under the Cybersecurity Act and Cybersecurity (Cybersecurity Service Providers) Regulations, the following groups of persons are required to obtain a cybersecurity service provider’s (“CSP”) licence:
those who engages in the business of providing any of the following licensable cybersecurity service (“LCS”) to other person is required to obtain a cybersecurity service provider’s (“CSP”) licence.
those who is in the business of providing a LCS, is required to obtain a licence before advertising their LCS.
If you are using the service of an unlicensed provider, these company may not manage the VAPT findings and may not be reliable in their assessments.