CSA SG Cyber Safe Trust Mark & Essentials Mark

With this, the Cyber Security Agency of Singapore (CSA) have launched a program titled Cyber Essentials Mark and Cyber Trust Mark Certification.  

1.Cyber Essentials Mark 

What is CSA Cyber Essentials Mark? 

The Cyber Essentials Mark certification is intended for organizations that are beginning their cybersecurity journey. Its purpose is to acknowledge that the organization has established sound cyber hygiene practices to safeguard their operations and clients from prevalent cyber threats.

Cyber Essentials Mark is a cybersecurity certification for organizations that are embarking on their cybersecurity journey. It serves to recognize that the organization has put in place good cyber hygiene practices to protect their operations and their customers against common cyber-attacks. The Cyber Essentials mark is targeted at organisations with limited IT and/or cybersecurity expertise and resources to dedicate towards protecting IT assets and personnel. Cyber Essential Marks certification is valid for two (2) years, and to maintain the certification status, enterprises are required to undergo recertification/ revalidation assessment.

Cyber Essentials (2025)

The new enhanced Cyber Essentials (2025) has been launched in April 2025 to include additional three digital technologies:

i) Classical Cybersecurity
ii) Cloud Security *NEW
iii) Operational Technology (OT) Security *NEW
iv) AI Security *NEW

Key Steps to Certification 

Benefits of Cyber Essentials Mark 

• Organizations able to tailor to your organization’s cybersecurity needs, 

• Guides organization to implement cyber hygiene measures against common cyber-attacks,

• Provides recognition of your cybersecurity practices. 

Certification Fee: Click here

For more information, you may also visit: https://www.csa.gov.sg/our-programmes/support-for-enterprises/sg-cyber-safe-programme/cybersecurity-certification-for-organisations/cyber-essentials

2. Cyber Trust Mark 

What is Cyber Trust Mark? 

The Cyber Trust mark is a cybersecurity certification for organisations with more extensive digitalized business operations. It serves as a mark of distinction for the organization to prove that they have put in place good cybersecurity practices with their cybersecurity risk profile.  

The Cyber Trust mark is targeted at larger or more digitalized organisations that have gone beyond cyber hygiene. These organisations may have higher risk levels and would correspondingly invest in expertise and resources to manage and protect their Information Technology (IT) infrastructure.  

For Cyber Trustmark, the certification is valid for three (3) years, enterprises are required to undergo recertification/ revalidation assessment to continue the certification. On a yearly basis, enterprises under Cyber Trustmark will undergo interim technical audits and validation checks/ assessments.  

There are five (5) cybersecurity preparedness tiers and progressively improve its system for higher recognition. The award of Trustmark from certification bodies are in accordance to the outcome of assessment where the entities fall under: 

Cyber Trustmark (2025)

The new Cyber Trustmark (2025) has been enhanced by CSA to help organisations to address cyber risks beyond traditional IT systems, with expanded coverage that now includes the following new technology pillars:

i) Classical Cybersecurity 
ii) Cloud Security *NEW
iii) Operational Technology (OT) Security *NEW
iv) AI Security *NEW

It equips businesses to tackle with evolving threats and building stronger digital trust.

Key Steps to Certification 

Benefits of Cyber Trust Mark 

• Provide organizations with a mark of distinction for robust cybersecurity, 

• Provides a pathway to international cybersecurity standards such as ISO/IEC 27001,

• Provides a guided approach for your organisation to assess cybersecurity risks and preparedness, 

• Takes on a risk-based approach to meet your organisation's needs without over-investing. 

Certification Fee: Click here

For more information, you may also visit: https://www.csa.gov.sg/our-programmes/support-for-enterprises/sg-cyber-safe-programme/cybersecurity-certification-scheme-for-organisation/cyber-trust

Transition from Cyber Essentials/ Trustmark (2022) to (2025) Version

Note:
(1) Organisations can still be certified to Cyber Essentials or Cyber Trustmark (2022) version before 06 Feb 2026. If the client achieves the 2022 version prior Feb 2026, a full certificate will be issued. 
For example: 2-year for Cyber Essentials (2022) and 3-year for Cyber Trustmark (2022)

(2) After 06 Feb 2026, only Cyber Essentials or Cyber Trustmark (2025) can be certified.

(3) For existing certified organisations under 2022 version, the deadline for migration to 2025 version is upon their certification expiry/renewal. The surveillance audit can still be based on the original 2022 version of standard. However, should organisations wish to migrate to 2025 version prior to renewal dates or wish to be certified to additional technology pillars, please speak to us for further discussion.