CSA Cyber Trust · SS 712:2025 · checked July 2026
Ready to move up from Cyber Essentials?
Cyber Trust is Singapore's risk-based, tiered cybersecurity mark: five tiers spanning 10 to 22 domains, built for larger or more digitalised organisations. The 2022 version of the standard retired on 6 February 2026; SS 712:2025 is the current one. We prepare the evidence, you sit the assessment.
Readiness record · private issue
- Scheme
- CYBER TRUST
- Scope
- S$22,000 · TIER 2 TO 3
- Consultant
- NAMED ON EVERY JOB
- Reviewed
- JUL 2026
Cyber Trust readiness (Tier 2 to 3): S$22,000, about twenty days of work, co-funding available for eligible SMEs. That's the whole sentence.
A higher-tier certification for organisations with more mature security needs, increasingly expected by large enterprise and Government buyers vetting key suppliers.
CE gets you in the door. Cyber Trust is the atas one: big MNC and government want this before they trust you with the large contracts. Level up when you ready; we bring you there tier by tier.
Who cannot skip this one.
Three groups have a dated obligation. These are calendar facts, not sales pressure.
- Licensed cybersecurity service providers
- Tier 3 ("Promoter")
- By 31 Dec 2026
- CII auditors
- Tier 5
- By End-2026
- CII owners, for their non-CII systems
- Tier 5
- By End-2027
For everyone else, Cyber Trust is voluntary, and increasingly asked for in vendor risk reviews.
The three-year rhythm.
Cyber Trust is valid for three years, with annual surveillance audits keeping it alive in between. Our retainer keeps the evidence current between audits, so the second and third-year checks stay routine instead of becoming a scramble.
The money, counted out.
Two separate costs, both shown here. Nobody should discover a second invoice by surprise.
- Our readiness fee: S$22,000. About twenty days of consultant work. Up to 70% co-funding for eligible SMEs under CSA's CISOaaS programme.
- The certification body's audit fee, billed by them. CSA currently offsets S$1,375 to S$2,250 of it for first certifications, with support running to 6 February 2028.
First Cyber Trust cohort
Late 2026.
We are planning our first Cyber Trust cohort around the end-2026 mandatory deadlines, so licensed cybersecurity service providers can land Tier 3 in time. Join the list and we will bring you in as the cohort forms.
Join the Cyber Trust listPlain answers
Cyber Essentials or Cyber Trust: which one do we need?
Cyber Essentials is the baseline mark most tenders ask for. Cyber Trust is the tiered mark for larger or more digitalised organisations, with five tiers spanning 10 to 22 domains. If you are unsure, the mock audit on this site routes you to the right one.
How do we know which tier we need?
It depends on your risk profile: how digitalised you are, what data you hold, and whether you fall into one of the mandated groups. Tier diagnosis is part of the first chat, and it is free.
Is Cyber Trust mandatory for us?
Only for three groups so far: licensed cybersecurity service providers (Tier 3 by 31 Dec 2026), CII auditors (Tier 5 by end-2026), and CII owners for their non-CII systems (Tier 5 by end-2027). For everyone else it is voluntary, though it is increasingly asked for in vendor risk reviews.
Can we start from zero, with no Cyber Essentials in place?
Yes. Starting with Cyber Essentials first is usually cheaper and faster, and the homework you do for it carries forward into Cyber Trust. We will tell you honestly which order makes sense for you.
Get the tier question answered early.
Thirty minutes, a tier diagnosis on one page, and honest advice on whether you even need this yet.