Cyber Essentials Mark
Demonstrate your commitment to good cyber practices and cyber hygiene with third-party certification from GICG.

CSA Cybersecurity Certification – Cyber Essentials mark

With our nation moving towards being a digital domain Smart Nation and rise in digital risks, commitment to a cyber hygiene practice is essential for preventing organisations from succumbing to digital lapses and cyber attacks. GICG will help you to demonstrate your commitment to good cyber hygiene practices with Cyber Essentials Mark Certification, the standard to strengthen your cyber defences and to protect enterprises against the most common cyber attacks and threats.

ABOUT CYBER ESSENTIALS MARK

To help enterprises take greater ownership of cybersecurity, Cyber Security Agency of Singapore (CSA) has developed the Cyber Safe Programme to help Singapore enterprises better protect themselves in the digital domain, raise their cybersecurity posture and protect against a whole range of the most common cyber attacks.One of the initiatives under the programme is the Cyber Essentials Mark.

The Cyber Essentials Mark helps you to guard your organisation against cyber-attack.

The Cyber Essentials Mark takes on a baseline control approach which intends to protect enterprises against the most common cyber attacks and threats. The Cyber Essentials Mark demonstrates your commitment to cyber security and provide a cybersecurity risk management approach for your organization.

WHY IS CYBER ESSENTIALS MARK IMPORTANT?

A Cyber Essentials mark from GICG shows that you have a system and practices in place for ensuring that you meet the required cyber hygiene standards and builds confidence among your employees and customers. It reassures customers that you are working to secure your IT systems against cyber-attacks. Having a Cyber Essentials mark attracts new potential business with the assurance that you have cyber security measures in place.

The Cyber Essentials mark is designed to support a
baseline controls cybersecurity programme for
enterprises.

The Cyber Essentials mark and is targeted at
resource-constrained enterprises with limited IT
and/or cybersecurity expertise and resources to
dedicate towards protecting IT assets and personnel

WHO SHOULD GET THE CYBER ESSENTIALS MARKS?

The Cyber Essentials mark is a cybersecurity certification for organisations that are embarking on their cybersecurity journey. It serves to recognise that your organisation has put in place good cyber hygiene practices to protect your operations and your customers against common cyber attacks.

GICG HELPS YOU TO DEMONSTRATE YOUR COMMITMENT TO GOOD CYBER PRACTICES AND CYBER HYGIENCE

GICG is one of the leading and internationally recognised Testing, Inspection and Certification (TIC) organisation with close to 30 years of experience in risk management and certification for information security management systems and training.
Appointed by Cyber Security Agency of Singapore (CSA) as certification bodies for the Cyber Trust mark and Cyber Essentials Mark, we help organisations like yours to strengthen your cyber defences and to safeguard your business against an evolving threat landscape.

A Cyber Essentials mark from GICG shows that your organisation has a system and practices in place for ensuring that you meet the required cyber hygiene standards and builds confidence among your employees and customers.

Edit Content

ASSESSMENT PROCESS

The enterprise shall complete this self-assessment form to document the qualitative description, cybersecurity controls and practices implemented in the organisation. Following which, a GICG assessor will perform desktop verification against the organisations’ self-assessment and award the Cyber Essentials mark once verification has been completed.

Certification gives you peace of mind that your enterprises are protected against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

Cyber Essentials Marks shows you how to address those basics and prevent the most common attacks.

  • From launch date until 6 February 2026: Certification bodies may certify organisations under both 2022 and 2025 versions
  • After 6 February 2026: Certification bodies should only certify under the 2025 versions

APPLICATION FEE & FUNDING SUPPORT (GRANT) AVAILABLE

Application fee (exclusive of GST):
The revised Cyber Essentials (2025) mark will go beyond classical cybersecurity, and now also provides protection for organisations implementing cloud computing, Operational Technology (OT) and Artificial Intelligence (AI). The update will see Cyber Essentials mark being published as a Singapore Standard (SS).

Cyber Essentials (2025) Certification Fee

Classical Cybersecurity Add-on Digital Technologies
Quantity of End-points Classical Cybersecurity [2] Maximum Level of Support from CSA [3] Cloud Security [1],[2] OT Security [1],[2] AI Security [1],[2] Maximum Level of Support from CSA [4]
1 – 10 $500 $250 + $100 + $100 + $100 $50
11 – 20 $700 $350 + $100 + $100 + $100 $50
21 – 50 $700 $450 + $100 + $100 + $100 $50
51 – 100 $700 $600 +$150 +$150 +$150 $100
101 – 200 $1000 $650 +$150 +$150 +$150 $100
201 – 500
(in increments of 100 end- points) 		$500  Funding support is available up to 1st 200 end-points only. + $200 + $200 + $200  Funding support is available up to 1st 200 end-points only.
501 and above
(in increments of 100 end- points) 		$500 +$200 +$200 +$200
Quantity of End-points Classical Cybersecurity [2] Cyber Essentials for HIB [1],[2] Cyber Essentials for ICT Vendors [1],[2] Maximum Level of Support from CSA
1 – 10 $500 $300 $300 $250
11 – 20 $700 $300 $300 $350
21 – 50 $700 $300 $300 $450
51 – 100 $700 $400 $400 $600
101 – 200 $1000 $400 $400 $650
201 - 500
(in increments of 100 end-points) 		$500 $500 $500 Funding support is available up to 1st 200 end-points only.
Notes

[1] Certification fees are add-on fees to charges for Cyber Essentials (2025) – Classical Cybersecurity

[2] As submitted in Proposal and/or clarification(s)

Funding support is also applicable for sub-schemes of Cyber Essentials mark, e.g. Cyber Essentials for CMS Vendors

[3] For first successful certification per eligible organisation – Organisations that had previously secured funding support for Cyber Essentials (2022) are not eligible

[4] For first successful certification per eligible organisation for each digital technology pillar (cloud security, OT security, AI security)

* The following considerations applies to the funding support:
  • Applicable only from 15 April 2025 to 6 Feb 2028.
  • Applicable for first time application only – Organisations that had previously secured funding support for Cyber Trust (2022) & for Cyber Essentials (2022) are not eligible
  • Only Singapore-registered businesses and Non-Profit Organisations (NPO) incorporated in Singapore are eligible
  • Organisations shall submit their completed application forms to their selected certification bodies.
For more information on the grant, please visit the CSA website here. Interested businesses are encouraged to sign up for the certification programme. For more information on Cyber Essentials mark, including details of the checklists, please contact us using the following contact form. A GICG personnel will contact you for a no-obligation discussion.

Certification Fee for Cyber Essentials (2022)

Quantity of End-points Certification Fee for Cyber Essentials (As submitted in Proposal) Maximum Level of Support from CSA
(first successful application) 		Certification Fee Charged to Industry
(Factoring in CSA support)
1 – 10 $500 $250 $250
11 – 20 $700 $350 $350
21 – 50 $700 $450 $250
51 – 100 $700 $500 $200
101 – 200 $1000 $550 $450

* The following considerations applies to the funding support:

  • Applicable only from now to 6 February 2026
  • Applicable only for the first successful certification per organisation
  • Only Singapore-registered businesses and Non-Profit Organisations (NPO) incorporated in Singapore are eligible
  • Organisations shall submit their completed application forms to their selected certification bodies.

For more information on the grant, please visit the CSA website.

Interested businesses are encouraged to sign up for the certification programme. For more information on Cyber Essentials mark, including details of the checklists, please contact us using the following contact form. A GICG personnel will contact you for a no-obligation discussion.

Edit Content

(Note: This is a sub-scheme of Cyber Essentials, and is applicable to Clinic Management Solution (CMS) vendors under the Ministry of Health CMS tiering framework.)

INTRODUCTION

The Ministry of Health (MOH) which oversees the healthcare sector in Singapore also licenses and

regulates all healthcare establishments such as hospitals, nursing homes, clinical laboratories, medical and dental clinics. Cybersecurity is critical to the provision of quality and safe healthcare services in ensuring patient safety and welfare.

CSA and MOH have worked on an extension of the Cyber Essentials mark that is targeted at Clinic Management Solution (CMS) Vendors under the MOH CMS tiering framework. This extension of Cyber Essentials mark is referred to as “Cyber Essentials for CMS Vendors”.

Certification Duration

The Cyber Essentials certification is valid for a duration of 2 years.

ASSESSMENT PROCESS

The mode of assessment will involve desktop review and verification of the organisation’s self-assessment by our independent accessor/auditor.

Pre-certification preparation by the CMS vendor

The CMS vendor shall complete the guided self-assessment template required for Cyber Essentials mark certification for CMS vendor.

This consists of a list of requirements and recommendations that the CMS vendor shall assess and

indicate if these have been implemented in the organisation.

Independent assessment by certification body

Following the completion of its self-assessment, a GICG assessor will perform desktop verification against the CMS vendor’ self-assessment and award the Cyber Essentials mark for CMS vendor once verification has been satisfactory completed.

For the organisation to be certified for Cyber Essentials mark for CMS vendor, the CMS vendor shall meet all the requirements in the Cyber Essentials mark as well as the additional requirements required by MOH.

APPLICATION FEE & FUNDING SUPPORT (GRANT) AVAILABLE

Application fee (exclusive of GST):

Quantity of End-points Certification Fee for Cyber Essentials (As submitted in Proposal) Maximum Level of Support from CSA
(first successful application) 		Certification Fee Charged to Industry
(Factoring in CSA support)
1 – 10 $500 $250 $250
11 – 20 $700 $350 $350
21 – 50 $700 $450 $250
51 – 100 $700 $500 $200
101 – 200 $1000 $550 $450

* The following considerations applies to the funding support:

  • Applicable only from now to 6 February 2026
  • Applicable only for the first successful certification per organisation
  • Only Singapore-registered businesses and Non-Profit Organisations (NPO) incorporated in Singapore are eligible
  • Organisations shall submit their completed application forms to their selected certification bodies.

For more information on the grant, please visit the CSA website here.

http://www.csa.gov.sg/cyber-essential

Interested businesses are encouraged to sign up for the certification programme. For more information on Cyber Essentials mark, including details of the checklists, please contact us using the following contact form. A GICG personnel will contact you for a no-obligation discussion.

Edit Content

Note: This is a sub-scheme of Cyber Essentials

HEALTH INFORMATION BILL (HIB)

The Ministry of Health (MOH) introduces the Health Information Bill (“HIB”) to govern the safe and secure collection, access, use and sharing of health information to enhance quality and continuity of care for patients.

Health information includes both administrative and clinical data where:
Administrative data
Any personal information related to the use or consumption of any healthcare or community health service, and the provision of such services to an individual.
Clinical data
Information about or relating to either or both of the following, in relation to an individual:
  • Physical and mental health of an individual.
  • Diagnosis, treatment, and care of an individual.

WHY IS HIB IMPORTANT?

The Health Information Bill (HIB) will require healthcare providers to meet specific cyber and data security standards before they can safely contribute to or access the National Electronic Health Record (NEHR).

To support this, the Ministry of Health (MOH) has developed the Cyber and Data Security Guidelines for Healthcare Providers. These Guidelines outline the measures healthcare providers should implement to ensure the proper storage, access, use, and sharing of health information, thereby strengthening overall security in preparation for the HIB’s implementation.

The Guidelines are designed to help healthcare providers safeguard the confidentiality, integrity, and availability of health information, protecting it from unauthorised access, improper modification, misuse, disclosure, disposal, or similar risks.

WHO DO THE GUIDELINES APPLY TO?

They apply to all healthcare providers with systems such as desktops, laptops, servers, or other devices that either:

  • Contain health information; or
  • Connect to other systems that contain health information.

For clarity, the relevant data security requirements will continue to apply even to providers who maintain records solely on paper.

APPLICATION FEE & FUNDING SUPPORT (GRANT) AVAILABLE

Classical Cybersecurity Add-on Digital Technologies
Quantity of End-points Classical Cybersecurity [2] Maximum Level of Support from CSA [3] Cloud Security [1],[2] OT Security [1],[2] AI Security [1],[2] Maximum Level of Support from CSA [4]
1 – 10 $500 $250 + $100 + $100 + $100 $50
11 – 20 $700 $350 + $100 + $100 + $100 $50
21 – 50 $700 $450 + $100 + $100 + $100 $50
51 – 100 $700 $600 +$150 +$150 +$150 $100
101 – 200 $1000 $650 +$150 +$150 +$150 $100
201 – 500
(in increments of 100 end- points) 		$500  Funding support is available up to 1st 200 end-points only. + $200 + $200 + $200  Funding support is available up to 1st 200 end-points only.
501 and above
(in increments of 100 end- points) 		$500 +$200 +$200 +$200
Quantity of End-points Classical Cybersecurity [2] Cyber Essentials for HIB [1],[2] Cyber Essentials for ICT Vendors [1],[2] Maximum Level of Support from CSA
1 – 10 $500 $300 $300 $250
11 – 20 $700 $300 $300 $350
21 – 50 $700 $300 $300 $450
51 – 100 $700 $400 $400 $600
101 – 200 $1000 $400 $400 $650
201 - 500
(in increments of 100 end-points) 		$500 $500 $500 Funding support is available up to 1st 200 end-points only.
Notes

[1] Certification fees are add-on fees to charges for Cyber Essentials (2025) – Classical Cybersecurity

[2] As submitted in Proposal and/or clarification(s)

Funding support is also applicable for sub-schemes of Cyber Essentials mark, e.g. Cyber Essentials for CMS Vendors

[3] For first successful certification per eligible organisation – Organisations that had previously secured funding support for Cyber Essentials (2022) are not eligible

[4] For first successful certification per eligible organisation for each digital technology pillar (cloud security, OT security, AI security)

* The following considerations applies to the funding support:
  • Applicable only from now to 6 February 2026
  • Applicable only for the first successful certification per organisation
  • Only Singapore-registered businesses and Non-Profit Organisations (NPO) incorporated in Singapore are eligible
  • Organisations shall submit their completed application forms to their selected certification bodies.
For more information on the grant, please visit the CSA website here: http://www.csa.gov.sg/cyber-essential Interested businesses are encouraged to sign up for the certification programme. For more information on Cyber Essentials mark, including details of the checklists, please contact us using the following contact form. A GICG personnel will contact you for a no-obligation discussion.
Edit Content

Note: This is a sub-scheme of Cyber Essentials

INTRODUCTION

Cyber Essentials is a certification program that helps organizations strengthen their cybersecurity posture. Offering a cost-effective way to address common cyber threats, it also showcases an organization’s commitment to security. The scheme is especially relevant for ICT vendors, as it may be required for certain government contracts or serve as a competitive advantage in the marketplace.

DEMONSTRATES SECURITY

Earning the certification assures clients that the vendor takes cybersecurity seriously and has implemented essential protection measures.

ENSURES COMPLIANCE

Certain contracts particularly in the public sector require Cyber Essentials certification, making it an important prerequisite for ICT vendors seeking such opportunities.

CREATES A COMPETITIVE EDGE

In a crowded marketplace, Cyber Essentials can set vendors apart, enhancing credibility and building client trust.

REDUCE RISK

By addressing common cyber threats, the certification helps vendors minimise the likelihood of data breaches and other security incidents.

APPLICATION FEE & FUNDING SUPPORT (GRANT) AVAILABLE

Classical Cybersecurity Add-on Digital Technologies
Quantity of End-points Classical Cybersecurity [2] Maximum Level of Support from CSA [3] Cloud Security [1],[2] OT Security [1],[2] AI Security [1],[2] Maximum Level of Support from CSA [4]
1 – 10 $500 $250 + $100 + $100 + $100 $50
11 – 20 $700 $350 + $100 + $100 + $100 $50
21 – 50 $700 $450 + $100 + $100 + $100 $50
51 – 100 $700 $600 +$150 +$150 +$150 $100
101 – 200 $1000 $650 +$150 +$150 +$150 $100
201 – 500
(in increments of 100 end- points) 		$500  Funding support is available up to 1st 200 end-points only. + $200 + $200 + $200  Funding support is available up to 1st 200 end-points only.
501 and above
(in increments of 100 end- points) 		$500 +$200 +$200 +$200
Quantity of End-points Classical Cybersecurity [2] Cyber Essentials for HIB [1],[2] Cyber Essentials for ICT Vendors [1],[2] Maximum Level of Support from CSA
1 – 10 $500 $300 $300 $250
11 – 20 $700 $300 $300 $350
21 – 50 $700 $300 $300 $450
51 – 100 $700 $400 $400 $600
101 – 200 $1000 $400 $400 $650
201 - 500
(in increments of 100 end-points) 		$500 $500 $500 Funding support is available up to 1st 200 end-points only.
Notes

[1] Certification fees are add-on fees to charges for Cyber Essentials (2025) – Classical Cybersecurity

[2] As submitted in Proposal and/or clarification(s)

Funding support is also applicable for sub-schemes of Cyber Essentials mark, e.g. Cyber Essentials for CMS Vendors

[3] For first successful certification per eligible organisation – Organisations that had previously secured funding support for Cyber Essentials (2022) are not eligible

[4] For first successful certification per eligible organisation for each digital technology pillar (cloud security, OT security, AI security)

* The following considerations applies to the funding support:
  • Applicable only from now to 6 February 2026
  • Applicable only for the first successful certification per organisation
  • Only Singapore-registered businesses and Non-Profit Organisations (NPO) incorporated in Singapore are eligible
  • Organisations shall submit their completed application forms to their selected certification bodies.
For more information on the grant, please visit the CSA website here: http://www.csa.gov.sg/cyber-essential Interested businesses are encouraged to sign up for the certification programme. For more information on Cyber Essentials mark, including details of the checklists, please contact us using the following contact form. A GICG personnel will contact you for a no-obligation discussion.

Cyber Essentials Mark Brochure

Download2 MB

CONTACT US

Scroll to Top