National Information Assurance (NIA) Workshop

Following the launch event of the National Data Security Accreditation Framework, the Compliance and Data Protection (CDP) department of the Ministry of Transport and Communications (MOTC) and of the Government of the State of Qatar held a workshop on the 14th of March around the new National Information Assurance (NIA) compliance. The event was aimed at constituents that are required to achieve compliance against the National Information Assurance Policy (NIAP) and are seeking NIA certification.

Opening the event, Compliance and Data Protection Acting Director, Dana Al-Abdulla, stated; “this workshop will be the first of a long series of workshops and events around information security and cyber security compliance and certification.” She emphasized the fact that the CDP will play an important role in Qatar’s Digital Government Strategy and National Cyber Security Strategy by ensuring compliance with National Information Assurance Framework (NIAF).

The audience, which was composed of representatives from government and semi-government agencies, was taken through the history and philosophy of National Information Assurance Policy (NIAP) by Cyber Security Policy & Strategy Manager at the Critical Information Infrastructure Protection Department, Samir Pawaskar. He presented the alignment between the NIAP and other international generally accepted information security standards like ISO 27001 or PCI-DSS and the linkage it has with the other information security standard within NIAF, Software Security and Quality Assurance (SSQA).

In presenting the NIA compliance assessment cycle, Information Protection Regulatory Affairs Head  Dr. Ashraf Ali Ismael took the time to clearly explain the compliance journey from registration on the CDP portal to final certification. He continued by explaining the different parties involved in the compliance process, showcasing the role of CDP in the process and providing illustrative examples of  interactions with the accredited auditors. Details about the certificate, its scope and its maintenance were given to the audience to better understand the NIA certification scheme.

Dr. Ashraf gave an overview of the current and targeted compliance enforcement efforts. Feedback on the pilot phase which CDP is currently running was presented that showed good progress with plans to go live soon. He also underlined the fact that registration is open to any organization and that the CDP strongly encourages early registration. This will help the department to grasp information on the certification needs and plan and act accordingly.

Within the NIA compliance assessment cycle, particular care was given during the workshop to the first step – the scope of the certification submission by the constituent and its validation by the CDP. Dr. Ashraf highlighted the required document for submitting a scope for NIA certification and building on it, and the audience was walked through all the documents and the required information needed in the reporting. The exercise built interactions with the audience that gave detailed inputs in different situations and practical insights on how to provide good quality information.

The workshop ended with an extended question and answer session, in which all of the speakers were involved.

For more information on the content of the event, please go to the Public Presentations from Events of the library section of our website assurance.ncsa.gov.qa