Cyber Trust mark
About Cybersecurity Certification Scheme | Cyber Essentials | Cyber Trust
The Cyber Trust mark is a cybersecurity certification for enterprises with more extensive digitalised business operations. It is targeted at larger or more digitalised enterprises as these enterprises are likely to have higher risk levels which require them to invest in expertise and resources to manage and protect their IT infrastructure and systems. The Cyber Trust mark adopts a risk-based approach to guide enterprises to understand their risk profiles and identify relevant cybersecurity preparedness areas required to mitigate these risks.
The Cyber Trust mark serves as a mark of distinction for enterprises to prove that they have put in place good cybersecurity practices and measures that are commensurate with their cybersecurity risk profile.
Why should my organisation apply?
• Signifies a mark of distinction to recognise enterprises as trusted partners with robust cybersecurity
• Provides a pathway to international cybersecurity standards (e.g. ISO/IEC 27001)
• Provides a guided approach for your organisation to assess cybersecurity risks and preparedness
• Takes on a risk-based approach to meet your enterprise needs without over-investing
Which tier of Cybersecurity Preparedness does my organisation belong to?
There are five Cybersecurity Preparedness tiers, with 10 to 22 domains under each tier. Enterprises can use the Cyber Trust mark risk assessment framework to identify which Cybersecurity Preparedness tier is more suitable for their needs.
Certification for the Cyber Trust mark
Enterprises seeking certification may refer to the following:
• Cyber Trust mark certification document [PDF, 826KB]
• Cyber Trust mark – Self-assessment template for enterprises [XLS, 233KB]
• Mapping between Cyber Trust mark and ISO/IEC 27001 [PDF, 813KB]
Note: Documents were last updated in May 2022
a. Appointed Certification Bodies
The certification process is undertaken by certification bodies that have been appointed by CSA. Enterprises may select any of the following certification bodies, please click here for contact details.
b. Certification Duration and Mode of Assessment
Cyber Trust certification is valid for a duration of 3 years, with a yearly audit. The mode of assessment will involve both review and verification of documents, as well as implementation and effectiveness. The enterprise’s certification audit will be carried out by an independent assessor from the appointed certification body.
Certification charges and time needed for certification may differ according to the scope of certification. Enterprises may visit the websites of the certification bodies to find out more.
c. Enablers to support certification
Need help with the cybersecurity measures you can implement to improve your enterprise’s cybersecurity? Check out our cybersecurity toolkits for guiding questions, templates and more.
The following products/solutions help to address the Cyber Preparedness domains in the Cyber Trust mark. Enterprises interested in attaining the Cyber Trust certification are encouraged to complement these products/solutions with additional measures to fully meet the certification requirements.*
• Dell Technologies
• Ensign InfoSecurity (Singapore) Pte Ltd
• Fortinet Singapore
• Palo Alto Networks
• ST Engineering Mission Software & Services Pte Ltd
* Please note that CSA does not endorse or recommend any particular organisation, individual, product, process, or service that is linked to the SG Cyber Safe Partnership Programme, nor can CSA assure the quality of the work of any organisation or individual linked to the SG Cyber Safe Partnership Programme.
d. Funding Support
Eligible organisations can consider applying to Enterprise Singapore (ESG) to seek support for some of the costs for Cyber Trust certification. Details on the criteria and application process can be found below:
• Interested organisations may refer to this Quick Guide on Enterprise Development Grant Application
Added Benefit For Certified Organisations
Cyber Trust certified organisations are eligible for discounted rates when they apply for cyber insurance with the following:
• QBE Insurance (Singapore) Pte Ltd
Please contact the companies listed for details.
• Interested in the Cyber Essentials mark instead? Click here
to learn more.
Unsure about the different codes, cybersecurity or data certifications required for your enterprise? Click here
to learn more.