The Department of Information and Communications Technology (DICT) said Friday it launched a new framework to regulate cybersecurity and data protection assessments for government agencies and critical infrastructure.
The DICT Trusted Assessment Providers (DTAP) framework, formalized through Department Circular No. HRA-001, establishes a national benchmark for the accreditation of entities conducting Vulnerability Assessment and Penetration Testing (VAPT) and Information Security Management System (ISMS) assessments.
This aligns with Outcome 3.4 of the National Cybersecurity Plan 2023-2028 to ensure that only vetted providers help organizations identify risks and protect sensitive data.
DICT officials said the framework is essential to maintaining public trust and sound governance in the digital ecosystem.
DICT special assistant to the secretary for cybersecurity Julius Gorospe said DTAP ensures that services for government agencies and critical information infrastructures (CIIs) are delivered only by competent and technically capable providers.
“The accreditation of Trusted Assessment Providers under DTAP is a key step in strengthening the country’s cybersecurity and data protection posture,” Gorospe said.
He said that setting clear standards allows organizations to take informed actions to secure their systems.
Under the new guidelines, providers may be granted full accreditation for a year or provisional accreditation for six months depending on their compliance with DICT requirements.
The DICT said the framework reinforces its commitment to a resilient digital landscape while advancing national digital transformation.
The program is expected to increase the reliability of cybersecurity audits across the 100 percent of covered government institutions and private entities managing vital national data.
