NISCF’s Accreditation


Accreditation is part of the National Information Security Compliance Framework (NISCF) of National Cyber Security Agency (NCSA) of the State of Qatar. Accreditation is the formal recognition of assurance that an organization is competent to perform specific services, activities, or tasks in a consistent, reliable, and precise manner. It must be performed impartially, and the process must remain objective, transparent, and consistent to ensure reliability and trustworthiness.

Accreditation is not:

  • Merely a mean of registering or listing organizations, personnel, products, and processes; 
  • A recognition of reputation/affiliation; 
  • A recognition of future capabilities; 
  • A recognition of an individual’s qualifications.

Disclaimer: The assurance provided is not absolute and its based-on documents and information review shared by the Service Providers and based on an assessment performed at a particular point in time. Therefore, NCSA does not hold responsibility of errors, damages or losses resulting from the usage of products or consumption of services provided by Accredited Service Providers. As accreditation is a post-engagement assessment does not guarantee the performance and the quality of the deliverable made by the Accredited Service Provider and any non-conformities will be considered posteriori (after facts) during the maintenance.

Benefits for Service Providers 

Obtaining accreditation from the NCSA offers a multitude of advantages for Service Providers. Below, we present an overview of the key benefits that arise from achieving accreditation for these entities:

  • Credibility with customers 
  • Competitive advantage with a marketing edge 
  • Greater customer trust 
  • Improved access to markets
  • Improved supplier relations

Benefits for Government Agencies, Critical Sector Organizations and Private Sector Businesses

  • Enhanced Decision-Making Confidence: Government Agencies, Critical Sector Organizations and Private Sector Businesses rely on accurate, reliable and trustworthy results from Service Providers to make informed decisions. Engaging Accredited Service Providers instills confidence in the services consumed.
  • Technical Competence Assurance: Accreditation by NCSA signifies that a Service Provider has demonstrated the required level of technical competence to conduct specific activities. This assurance indicates that the Service Provider possesses the expertise necessary for reliable delivery of the service.
  • Accuracy, Traceability, and Reproducibility: Accredited Service Providers are adept at producing results that are not only accurate but also traceable and reproducible. This critical attribute strengthens the foundation of governmental decision-making processes, providing a higher degree of confidence in the results generated.

Accreditation is increasingly being recognized as a valuable tool by which to establish a measure of quality which has the added benefit of helping to establish confidence in services and Service Providers. 

List of Accredited Service Provider can be found here.

Accreditation Requirements 

NCSA established transparent and specific rules for Accreditation that are detailed in different publicly available documents, as part of the National Information Security Compliance Framework (NISCF). 

The Accreditation Policy provides the overall principles and objectives of NISCF Accreditation. It is recommended for Service Providers that are new to NCSA’s Accreditation to read the Accreditation Policy to gain an understanding of the objectives of Accreditation and its main attributes and characteristics. 

The Accreditation Standard details the requirements of the NISCF Accreditation lifecycle and shall be read by all Service Providers aiming to obtain Accreditation or Accredited Service Providers that wants to know or refresh their knowledge of the requirements that they shall conform to. 

Each NISCF Accreditation Service have a specific agreement that shall be signed by the Service Provider and NCSA. To download the specific agreement to the NISCF Accreditation Service you are interested in, please visit the specific section of the Accreditation Publications page.

The terms and conditions that applicants and Accredited Service Providers shall also conform to are detailed here


NISCF Accreditation Lifecycles

The application to NISCF’s Accreditation, and the Accreditation itself, have lifecycles that include the following phases: 

  • Application: The Service provider submits the application request for NISCF Accreditation with the required forms, documents and fees. 
  • Assessment: NCSA reviews the request and assess compliance to NISCF Accreditation requirements.   
  • Decision and Award: Based on the assessment output, NCSA decides if Accreditation shall be awarded or not to the Service Provider. Certificate of Accreditation are valid for 3 years subject to maintenance. 
  • Maintenance: NISCF Accreditation are subject to maintenance on an annual basis.
  • Other phases: During the NISCF Accreditation lifecycle, situation may occur, based on NCSA decisions or voluntary requests from the Accredited Service Provider, that lead to Suspension of the Accreditation and subsequently its reinstatement or withdrawal, reduction or expansion of its scope, or its termination.
  • Re-Accreditation: The Accredited Service Provider that wish to renew its Accreditation shall request for Re-Accreditation at least 3 months before its expiry and will be subject to full assessment by NCSA. 

For detailed information regarding the different processes, the Accreditation Processes are detailed here

NISCF Accreditation Services

The National Cyber Governance and Assurance Affairs has established, consistent transparent and repeatable processes and procedures to grant the Accreditation of Service Providers in State of Qatar for following specific service offerings:

- Audit Service: Accreditation is for Service Providers who provide audit services related to State of Qatar’s information security standards and it is mandatory to all Service Providers seeking to deliver their services in NISCF’s certification audit engagements. Read More..

NISCF Accreditation Audit NIA Seal

- Advisory Service: Accreditation is for Service Providers who provide information security consultancy services and it helps its holders to build trust with their customers and provides organizations with assurance concerning their record of accomplishment or experience as a trusted advisor. Read More..

NISCF Accreditation Advisory Seal

Penetration Testing Service: Accreditation is for Service Providers who provide Penetration Testing services, that consist of ethical cybersecurity assessments to identify and exploit vulnerabilities of IT resources in order to mitigate or minimize the risk of malicious exploitation or attacks. Read More..

NISCF Accreditation Penetration Testing Seal

Read more about the Application process & Accreditation Fees 

Latest documents can be accessed from the Accreditation Publications page.