Chapters
Program Requirements
1. What are the Program Requirements?
To obtain the Cyber Authorization Certificate, the partner must ensure the following requirements are met:- Identify the partner’s classification.
- Implement the applicable Cyber Authorization Certificate requirements.
- Complete the Partner Cybersecurity Compliance Certificate Report.
- Select an approved auditing firm by registering via the (GlassHUB) link.
1.1. Identifying the Partner’s Classification
Cybersecurity requirements are determined based on specific fields (activities) defined by GO Telecom and require a cyber authorization.1.2. Implementing Applicable Cyber Authorization Certificate Requirements
- The partner must refer to the TrustNet standard to identify applicable cybersecurity requirements.
- Registered partners aiming to do business must implement all cybersecurity controls in the TrustNet standard before project execution. Additionally, contracted partners awarded to conduct business must implement all cybersecurity controls in the TrustNet standard, applicable based on the partner’s classification as determined by the TrustNet standard appendix.
- The partner must refer to the Partner Cybersecurity Control Requirements Guide to understand program implementation requirements.
- The partner must obtain the certificate within 90 days of contract approval after receiving notification.
1.3. Completing the Partner Cybersecurity Compliance Certificate Report:
- The partner must fill in all fields in the Partner Cybersecurity Certificate Report.
- The partner must ensure answers are comprehensive, clearly described, and attach supporting documents.
- The partner must ensure the evidence is clear, legible, and timestamped.
- The partner must ensure the evidence shows proof of relationship with the third party.
- The partner must highlight evidence in clear, separate, auditable, and verifiable points.
- If some controls are inapplicable, the partner must provide proof, and this justification must be added to the report on inapplicable controls for the Cyber Authorization Certificate and signed by the partner.
- The partner must implement all applicable cybersecurity controls specified in GO Telecom’s Partner Security Standard for:
- o All partner information systems and/or assets used to connect to GO Telecom’s network, or that receive, store, process, or transmit information. These assets must be secured and stored according to this standard and made available to authorized users on a need-to-know basis.
How to Get Certified
2. How to Obtain the Certificate
2.1. Remote Assessment Process
- The partner must conduct a compliance assessment based on partner classifications that define the scope of assessment and required cybersecurity controls, as detailed in GO Telecom’s Partner Security Standard.
- The partner must follow the third-party guideline section.
- The partner must refer to the Cybersecurity Control Requirements Guide to understand compliance requirements.
- The partner must choose one of the approved auditing firms from the third-party-certified auditing firms list.
- The partner must submit the Cyber Authorization Program Report to the auditing firm before assessment verification.
- The auditing firm must verify the submitted documents and create the TrustNet Certificate Program Report.
- The partner must achieve 100% compliance with all applicable security standards to receive the Cyber Authorization Certificate from the auditing firm.
- The partner must implement the findings and submit the updated Cyber Authorization Certificate Report to the auditing firm for reassessment via the third-party portal (GlassHUB).
- The concerned partner must submit the Cyber Authorization Certificate report through (GlassHUB) within 90 days for contract-awarded partners.
2.2. Certificate Validity
- The certificate will be valid for two years from the issuance date.
Authorized Assessment Firms
- The certificate assessment and issuance will be conducted by an independent approved auditing firm through the (GlassHUB) portal.
- The auditing companies will be responsible for verifying partners' compliance with GO Telecom’s Partner Security Standards and issuing the Cyber Authorization Program Certificate.
- Only Cyber Authorization Program certificates issued by approved auditing companies are accepted.
- The list of approved auditing companies for the Cyber Authorization Program can be found in the (GlassHUB) portal and will be regularly updated.
- The auditing company is responsible for verifying the partner’s cybersecurity compliance against applicable TrustNet requirements and issuing Cyber Authorization Certificates only.
- The auditing company will share the Cyber Authorization Certificate report with the cybersecurity sector, procurement sector, and supplier management.
