Cyber Trust Mark

CSA CYBER TRUST MARK CERTIFICATION

Achieve mark of distinction for implementation of cyber security practices

Funding support available from CSA

Cyber-attacks continue to dominate headlines worldwide, exposing enterprises to significant risk and placing them under intense scrutiny with regulators, investors, and customers. Having systems and processes to secure your business is imperative to mitigate the risk of financial loss, loss of sensitive data, operational downtime and more.

WHAT IS CSA CYBER TRUST MARK?

The Cyber Trust mark is a cybersecurity certification, developed by the Cyber Security Agency of Singapore (CSA), for organisations with more extensive digitalised business operations. It serves as a mark of distinction for the organisation to prove that it has put in place good cybersecurity practices and measures that are commensurate with its cybersecurity risk profile.

The Cyber Trust mark is targeted at larger or more digitalised organisations that have gone beyond cyber hygiene. These organisations may have higher risk levels and would correspondingly invest in expertise and resources to manage and protect their Information Technology (IT) infrastructure.

Certifiable Cybersecurity Preparedness Tiers

(Chart adapted from CSA)

The CSA Cyber Trust mark takes a risk-based approach and is intended to enable organisations to put in place the relevant cybersecurity preparedness measures that are commensurate with their cybersecurity risk profile. Organisations can benefit from the framework by implementing the recommended cybersecurity practices through self-assessed risk analysis and completing an audit conducted by TÜV SÜD.

WHY SHOULD AN ORGANISATION APPLY FOR A CSA CYBER TRUST MARK CERTIFICATE?

In Singapore, the Cyber Trust mark is a benchmark of your preparedness for any cyber attacks. Reasons for certifying are:

1. The Cyber Trust mark certification is a sign that distinguishes your company as a trusted partner with robust cybersecurity practices in place.
2. By meeting the self-assessment requirements of cyber security trust certification, you take a step towards compliance with international cybersecurity standards (e.g., ISO/IEC 27001).
3. The cybersecurity trust mark comes with a structured approach to assess your organisation’s cybersecurity risk profile and preparedness.

You can adopt a risk-based approach to meet the enterprise’s needs with a certification partner like TÜV SÜD.

TÜV SÜD IS YOUR TRUSTED PARTNER IN CSA CYBER TRUST MARK CERTIFICATION

TÜV SÜD’s experienced auditors possess the accreditation and expertise to conduct Cyber Essentials mark and Cyber Trust mark audits across industries and locations. Our status as an independent certification body ensures that the TÜV SÜD certification mark is accepted worldwide, making it a powerful tool for distinguishing your company in the market. By being certified by TÜV SÜD, you can demonstrate your accountability for protecting your organisation and your customers’ cyber safety.

TÜV SÜD PSB provides a one-stop solution to support enterprises on a full suite of cybersecurity services such as:

  • Data Protection Trustmark
  • ISO 27001 Information Security Management
  • ISO 27701 Privacy Information Management
  • ISO 27017 and ISO 27018 Cloud Security
  • SS 584 Multi-Tier Cloud Services
  • Cyber Security Code of Practice (CCoP) compliance audit
  • Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) System Certification
  • Payment Card Industry Data Security Standard
  • Vulnerability Assessment & Penetration Testing
  • CSA Cybersecurity Labelling Scheme (CLS) Certification
  • CSA Cybersecurity Certification Cyber Essentials mark

APPLICATION PROCESS

Here is the application process for CSA Cyber Trust mark Certification:

(Figure: CSA Trust Mark Certification)

FREQUENTLY ASKED QUESTIONS

  • What will be assessed for the CSA Cyber Trust mark?

    As the risk level of organisations varies, instead of prescribing specific cybersecurity measures, the Cyber Trust mark takes a risk-based approach to guide organisations in identifying gaps in their implementation of the cybersecurity preparedness measures, so that their implementation is commensurate with their cybersecurity risk profile.

  • What is the validity of the CSA Cyber Trust mark?

    The CSA Cyber Trust mark certification is valid for three years upon successful completion of certification with the requirement to maintain the certificate with an annual audit.

  • What is the mode of audit for the CSA Cyber Trust mark?

    The CSA Cyber Trust mark audit is conducted in hybrid mode, as remote and on-site audits.

  • What should I prepare before applying for CSA Cyber Trust mark?

    Prior to engaging a Certification Body, the organisation shall complete the guided self-assessment template required for Cyber Trust mark certification. Once the cybersecurity preparedness tier has been identified, companies should be prepared with relevant documents. Enterprises can obtain appropriate tools from TÜV SÜD.

  • How much does it cost to certify for the Cyber Trust mark with TÜV SÜD?

    The proposed price structure for the trust mark is determined with reference to ISO/IEC 27001 certification, based on the ISO 27006 calculation guideline chart and the enterprise’s selected preparedness tier.

    The cost parameters are (1) Effective headcount directly involved in the effectiveness of the company's ISMS, (2) Business Complexity Factors, (3) IT Complexity Factors, (4) CSA Cyber Trust Mark Selected Preparedness Tier.

    The table below illustrates the indicative price range for the first year's audit (stage 1 and 2).

    Quantity of   Range of Certification    Maximum Level of    Certification Fee Charged
    End-points    Fee Charged               Support from CSA    (Factoring in CSA Support)
                  Minimum     Maximum                           Minimum     Maximum
    1 to 10       $1,700      $5,300        $500                $1,200      $4,800
    11 to 20      $1,995      $6,500        $725                $1,270      $5,775
    21 to 50      $3,200      $8,900        $850                $2,350      $8,050
    51 to 100     $4,200      $12,800       $1,350              $2,850      $11,450
    101 to 200    $4,600      $14,700       $1,600              $3,000      $13,100

  • How long does it take to be certified for the CSA Cyber Trust mark?

    The overall estimated timeline can vary depending on different factors. However, the estimated timeline based on the best scenario can be six months from the date of Stage 1 to the certification award.

    Enterprises are required to soft-book their audit schedule with auditors in advance, as the schedule will be booked based on the availability of auditors and on a first-come, first-served basis.

    *Best scenario is when enterprises have proactively submitted all the relevant documents and accurately determined their cybersecurity preparedness tier before confirmation of audit schedule with auditors.

  • Must I be certified with CSA Cyber Essentials mark before going for CSA Cyber Trust mark?

    The CSA Cyber Essentials mark is independent of the CSA Cyber Trust mark. It is not necessary to be certified with the Cyber Essentials mark beforehand.

  • How do I determine my certifiable cybersecurity preparedness tier?

    A two-part self-assessment will first need to be completed to guide enterprises in (i) understanding their cybersecurity risk profiles, and (ii) identifying the relevant cybersecurity preparedness domains needed to mitigate these risks. The self-assessment will thereafter recommend the most suitable level based on your completed responses, which determine your risk profile.

  • What will be assessed during the self-assessment?

    As the Cyber Trust mark takes a risk-based approach, the following risk scenario categories will be assessed:

    1. Data breach 
    2. Human factor
    3. Infrastructure
    4. Physical security
    5. Regulatory and compliance
    6. Supply chain

    Each risk will then be assessed based on its likelihood of occurring and its impact.

  • What happens after I have completed the self-assessment?

    Book an audit date with TÜV SÜD and we will perform an on-site verification of the organization’s self-assessment.

  • What is an end-point?

    An end-point is a remote computing device that communicates back and forth with a network to which it is connected. Examples of end-points include: 

    • Desktops 
    • Laptops 
    • Smartphones 
    • Tablets 
    • Servers 
    • Workstations 
    • Internet-of-things (IoT) devices 

    The number of end-points within your organisation is a cost parameter for this certification.
