CSA Cyber Trust · SS 712:2025 · checked July 2026

Ready to move up from Cyber Essentials?

Cyber Trust is Singapore's risk-based, tiered cybersecurity mark: five tiers spanning 10 to 22 domains, built for larger or more digitalised organisations. The 2022 version of the standard retired on 6 February 2026; SS 712:2025 is the current one. We prepare the evidence, you sit the assessment.

Readiness record · private issue

Status AUDIT-READY AS AT JUL 2026
CSA mark area · issued separately
Scheme
CYBER TRUST
Scope
S$22,000 · TIER 2 TO 3
Consultant
NAMED ON EVERY JOB
Reviewed
JUL 2026
A readiness record, not a certificate. Certification is issued by the scheme's appointed bodies.

Cyber Trust readiness (Tier 2 to 3): S$22,000, about twenty days of work, co-funding available for eligible SMEs. That's the whole sentence.

A higher-tier certification for organisations with more mature security needs, increasingly expected by large enterprise and Government buyers vetting key suppliers.

Who cannot skip this one.

Three groups have a dated obligation. These are calendar facts, not sales pressure.

Licensed cybersecurity service providers
Tier 3 ("Promoter")
By 31 Dec 2026
CII auditors
Tier 5
By End-2026
CII owners, for their non-CII systems
Tier 5
By End-2027

For everyone else, Cyber Trust is voluntary, and increasingly asked for in vendor risk reviews.

The three-year rhythm.

Cyber Trust is valid for three years, with annual surveillance audits keeping it alive in between. Our retainer keeps the evidence current between audits, so the second and third-year checks stay routine instead of becoming a scramble.

The money, counted out.

Two separate costs, both shown here. Nobody should discover a second invoice by surprise.

  • Our readiness fee: S$22,000. About twenty days of consultant work. Up to 70% co-funding for eligible SMEs under CSA's CISOaaS programme.
  • The certification body's audit fee, billed by them. CSA currently offsets S$1,375 to S$2,250 of it for first certifications, with support running to 6 February 2028.
Work out your number

First Cyber Trust cohort

Late 2026.

We are planning our first Cyber Trust cohort around the end-2026 mandatory deadlines, so licensed cybersecurity service providers can land Tier 3 in time. Join the list and we will bring you in as the cohort forms.

Join the Cyber Trust list

Plain answers

Cyber Essentials or Cyber Trust: which one do we need?

Cyber Essentials is the baseline mark most tenders ask for. Cyber Trust is the tiered mark for larger or more digitalised organisations, with five tiers spanning 10 to 22 domains. If you are unsure, the mock audit on this site routes you to the right one.

How do we know which tier we need?

It depends on your risk profile: how digitalised you are, what data you hold, and whether you fall into one of the mandated groups. Tier diagnosis is part of the first chat, and it is free.

Is Cyber Trust mandatory for us?

Only for three groups so far: licensed cybersecurity service providers (Tier 3 by 31 Dec 2026), CII auditors (Tier 5 by end-2026), and CII owners for their non-CII systems (Tier 5 by end-2027). For everyone else it is voluntary, though it is increasingly asked for in vendor risk reviews.

Can we start from zero, with no Cyber Essentials in place?

Yes. Starting with Cyber Essentials first is usually cheaper and faster, and the homework you do for it carries forward into Cyber Trust. We will tell you honestly which order makes sense for you.

Get the tier question answered early.

Thirty minutes, a tier diagnosis on one page, and honest advice on whether you even need this yet.