In order to continue providing two types of cybersecurity services in Singapore, vendors must must apply for a licence.
According to sources, they have up to 6 months to comply, after which they must cease offering such services or face a jail sentence or a fine.
In order to operate in Singapore, companies that provide penetration testing and managed Security Operations Centre (SOC) monitoring services would need a licence.
These include organisations and individuals directly involved in such services, third-party vendors who support these companies, and resellers of licensable cybersecurity services, according to the Singapore Cyber Security Authority (CSA).
According to the industry regulator, the licence structure, which takes effect on April 11, is based on the country’s Cybersecurity Act and intends to better protect consumers’ interests.
It also helped to improve service providers’ standards and reputation over time.
According to the CSA, the two service categories were chosen as the starting point for the licencing regime because service of these services have considerable access to their customers’ ICT systems and sensitive data.
The authorities warned that because these services were widely available and utilised, they have a potential to have a major impact on overall cybersecurity picture.
Existing vendors who provide any or both service categories have until October 11 this year to apply for a licence. Those who do not do so in a timely manner will be forced to cease providing the service until a licence is obtained.
Service providers who applied for a licence within six months of the deadline, however, would be permitted to continue providing the licensable service until their application was approved.
Anyone who provides licensable services without a licence after October 11 faces a fine of up to SG$50,000 or a two-year prison sentence, or both.
Individuals will be charged SG$500, while businesses will be charged SG$1,000 for their licence. The validity period for each licence would be two years.