The Singapore Cyber Security Act

Are you compliant?

The Cybersecurity Bill was passed on 5 Feb 2018 and received the Singapore President’s assent on 2 Mar 2018 to become the “Cybersecurity Act”. The Act establishes a legal framework for the oversight and maintenance of national cybersecurity in Singapore. Its four key objectives are to:

  • Strengthen the protection of Critical Information Infrastructure (CII) against cyber-attacks.
  • Authorise the Cyber Security Agency of Singapore (CSA) to prevent and respond to cybersecurity threats and incidents.
  • Establish a framework for sharing cybersecurity information.
  • Establish a light-touch licensing framework for cybersecurity service providers.

The CSA has published the Codes of Practice or Standards of Performance issued by the Commissioner of Cybersecurity for the regulation of owners of Critical Information Infrastructure (CII), in accordance with the Cybersecurity Act.

The Cybersecurity Code of Practice for Critical Information Infrastructure – Second Edition (CCoP2.0) came into effect on 4 Jul 2022, superseding previous versions of the Code. A grace period of 12 months applies to the compliance timeline for all clauses of CCoP2.0, for both existing and any newly designated CII.

NCC Group is here to help your organisation meet the CCoP2.0 requirements of the Singapore Cybersecurity Act 2018.

NCC Group can assist organisations with aligning to CCoP2.0 requirements by:

  • Enhancing cyber security obligations.
  • Complying with the CCoP guidelines.
  • Providing robust and reliable governance.

In relation to these obligations, NCC Group can support with:

  • Threat intelligence services.
  • Vulnerability management services.
  • Security testing and assurance services.
  • Application testing and source code reviews.
  • Cyber incident response plans and table-top crisis management simulations.

Enhanced Cyber Security Obligations include:

  • Sharing of near-real-time threat information.
  • Cyber incident response plans and testing.
  • Vulnerability management and penetration testing.
  • Business continuity and disaster recovery planning.
  • Secure code review.

Consider further assistance:

  • Conduct a gap analysis based on NIST CSF, ISO/IEC 27001:2022 and the MAS TRM guidelines.
  • Initiate a retainer for third-party (independent) services to close the gaps in cyber security posture, e.g., an Incident Response Retainer.

Understand compliance requirements and determine your organisation's needs.