Achieve mark of distinction for implementation of cyber security practices
Funding support available from CSA
Cyber-attacks continue to dominate headlines worldwide, exposing enterprises to significant risk and placing them under intense scrutiny with regulators, investors, and customers. Having systems and processes to secure your business is imperative to mitigate the risk of financial loss, loss of sensitive data, operational downtime and more.
WHAT IS CSA CYBER TRUST MARK?
The Cyber Trust mark is a cybersecurity certification, developed by the Cyber Security Agency of Singapore (CSA), for organisations with more extensive digitalised business operations. It serves as a mark of distinction for the organisation to prove that it has put in place good cybersecurity practices and measures that are commensurate with its cybersecurity risk profile.
The Cyber Trust mark is targeted at larger or more digitalised organisations that have gone beyond cyber hygiene. These organisations may have higher risk levels and would correspondingly invest in expertise and resources to manage and protect their Information Technology (IT) infrastructure.
(Chart adapted from CSA)
The CSA Cyber Trust mark takes a risk-based approach and is intended to enable organisations to put in place the relevant cybersecurity preparedness measures that are commensurate with their cybersecurity risk profile. Organisations can benefit from the framework by implementing the recommended cybersecurity practices through self-assessed risk analysis and completing an audit conducted by TÜV SÜD.
In Singapore, the Cyber Trust mark is a benchmark of your preparedness for any cyber attacks. Reasons for certifying are:
1. The Cyber Trust mark certification is a sign that distinguishes your company as a trusted partner with robust cybersecurity practices in place.
2. By meeting the self-assessment requirements of cyber security trust certification, you take a step towards compliance with international cybersecurity standards (e.g., ISO/IEC 27001).
3. The cybersecurity trust mark comes with a structured approach to assess your organisation’s cybersecurity risk profile and preparedness.
You can adopt a risk-based approach to meet the enterprise’s needs with a certification partner like TÜV SÜD.
TÜV SÜD’s experienced auditors possess the accreditation and expertise to conduct Cyber Essentials mark and Cyber Trust mark audits across industries and locations. Our status as an independent certification body ensures that the TÜV SÜD certification mark is accepted worldwide, making it a powerful tool for distinguishing your company in the market. By being certified by TÜV SÜD, you can demonstrate your accountability for protecting your organisation's and your customers’ cyber safety.
TÜV SÜD PSB provides a one-stop solution to support enterprises on a full suite of cybersecurity services such as:
Here is the application process for CSA Cyber Trust mark Certification:
As the risk level of organisations varies, instead of prescribing specific cybersecurity measures, the Cyber Trust mark takes a risk-based approach to guide organisations in identifying gaps in their implementation of the cybersecurity preparedness measures, so that their implementation is commensurate with their cybersecurity risk profile.
The CSA Cyber Trust mark certification is valid for three years upon successful completion of certification with the requirement to maintain the certificate with an annual audit.
CSA Cyber Trust mark is conducted in hybrid mode as remote and on-site audits.
Prior to engaging a Certification Body, the organisation shall complete the guided self-assessment template required for Cyber Trust mark certification. Once the cybersecurity preparedness tier has been identified, companies should be prepared with relevant documents. Enterprises can obtain appropriate tools from TÜV SÜD.
The proposed price structure for the trust mark is determined with reference to ISO/IEC 27001 certification, based on the ISO 27006 calculation guideline chart and the enterprise's selected preparedness tier.
The cost parameters are (1) Effective headcount directly involved in the effectiveness of the company's ISMS, (2) Business Complexity Factors, (3) IT Complexity Factors, (4) CSA Cyber Trust Mark Selected Preparedness Tier.
The table below illustrates the indicative price range for the first year's audit (stage 1 and 2).
| Quantity of End-points | Range of Certification Fee Charged (Minimum) | Range of Certification Fee Charged (Maximum) | Maximum Level of Support from CSA | Certification Fee Charged (Minimum) | Certification Fee Charged (Maximum) |
|---|---|---|---|---|---|
| 1 to 10 | $1,700 | $5,300 | $500 | $1,200 | $4,800 |
| 11 to 20 | $1,995 | $6,500 | $725 | $1,270 | $5,775 |
| 21 to 50 | $3,200 | $8,900 | $850 | $2,350 | $8,050 |
| 51 to 100 | $4,200 | $12,800 | $1,350 | $2,850 | $11,450 |
| 101 to 200 | $4,600 | $14,700 | $1,600 | $3,000 | $13,100 |
The overall estimated timeline can vary depending on different factors. However, the estimated timeline based on the best scenario can be six months from the date of Stage 1 to the certification award.
Enterprises are required to soft-book their audit schedule with auditors in advance, as the schedule will be booked based on the availability of auditors and on a first-come, first-served basis.
*Best scenario is when enterprises have proactively submitted all the relevant documents and accurately determined their cybersecurity preparedness tier before confirmation of audit schedule with auditors.
The CSA Cyber Essentials mark is independent of the CSA Cyber Trust mark. It is not necessary to be certified with the Cyber Essentials mark beforehand.
A two-part self-assessment will first need to be completed to guide enterprises in (i) understanding their cybersecurity risk profiles, and (ii) identifying the relevant cybersecurity preparedness domains needed to mitigate these risks. The self-assessment will thereafter recommend the most suitable level based on how you complete it, which determines your risk profile.
As the Cyber Trust mark takes on a risk-based approach, the following risk scenario categories will be assessed;
Each risk will then be assessed based on its likelihood to happen and impact.
Book an audit date with TÜV SÜD and we will perform an on-site verification of the organization’s self-assessment.
An end-point is a remote computing device that communicates back and forth with a network to which it is connected. Examples of end-points include:
The number of end points within your organisation is a cost parameter for this certification.