Ghana: Implemented CSA Directive for the Protection of Critical Information Infrastructure (CII) including 24-hour incident reporting and 72-hour vulnerability disclosure obligations

Implemented CSA Directive for the Protection of Critical Information Infrastructure (CII) including 24-hour incident reporting and 72-hour vulnerability disclosure obligations

On 1 October 2021, the Cyber Security Authority (CSA) adopted and implemented the Directive for the Protection of Critical Information Infrastructure, pursuant to the Cybersecurity Act 2020 (Act 1038). The Directive requires designated CII Owners to…

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

infrastructure provider: internet and telecom services, infrastructure provider: cloud computing, storage and databases, infrastructure provider: network hardware and equipment, infrastructure provider: other

Implementation Level

national

Government Branch

executive

Government Body

other regulatory body

Complete timeline of this policy change

Hide details

2021-10-01

in force

On 1 October 2021, the Cyber Security Authority (CSA) adopted and implemented the Directive for the…

Description

Implemented CSA Directive for the Protection of Critical Information Infrastructure (CII) including 24-hour incident reporting and 72-hour vulnerability disclosure obligations

Scope

Complete timeline of this policy change