NIA Certification
Introduction
National Information Assurance (NIA) Certification is part of the National Information Security Compliance Framework (NISCF) of the National Cyber Security Agency (NCSA) of the State of Qatar.
The National Information Security Compliance Framework (NISCF) Certification Program provides a mechanism for organizations to evidence compliance with the State of Qatar’s information security requirements.
The Certification provided by NCSA is an assurance that an entity has been determined as compliant (meeting a specified set of criteria) after going through a formal audit procedure by an authorized independent entity.
Benefits of Certification
Apart from meeting regulatory requirements, Certified Organizations can benefit from:
• Assurance about the organization’s security posture through independent and rigorous audit
• Ensuring that the organization’s assets, shareholders, and staff are adequately aware of and protected from identified cyber threats
• Providing customers and stakeholders with confidence in how the organization manages cyber and technology risk
• Confirming the resilience of the organization against common cyber threats
• Managing and minimizing risk exposure by building a culture of security in the organization
• Helping with compliance with other related international, national, and sectoral regulations and standards
Certification Requirements
NCSA established transparent and specific rules for Certification that are detailed in different publicly available documents, as part of the National Information Security Compliance Framework (NISCF).
The Certification Policy provides the overall principles and objectives of NISCF Certification. It is recommended for Applicants that are new to NCSA’s Certification to read the Certification Policy to gain an understanding of the objectives of Certification and its main attributes and characteristics.
Being an Information Security Management System, NIA Certification follows the Certification Standard for Management Systems, which details the requirements of the NISCF Certification lifecycle for Management Systems Certification. This standard shall be read and understood by all applicants aiming to obtain NIA Certification, and by NIA Certified Organizations or Audit Accredited Service Providers that want to know or refresh their knowledge of the requirements that they shall conform to and work with during the NIA Certification lifecycle.
The NIA Certification Service Agreement is the agreement that governs the relationship between the Applicant for NIA Certification / NIA Certified Organization and NCSA in relation to the NIA Certification. The agreement shall be signed by the Applicant for NIA Certification and NCSA.
In addition to the NIA Certification Service Agreement, the Applicant for NIA Certification / NIA Certified Organization shall conform to the NIA Certification terms and conditions.
NIA Certification Lifecycle
The NIA Certification lifecycle consists mainly of the following phases:
- Application and Scope Acceptance: The applicant submits the application request for NIA Certification with the required forms and documents. NCSA reviews the application and accepts the scope when all information is provided and clear. The Certification Application Fee is billed after this stage.
- Auditor Selection and Audit: The applicant selects an Accredited Service Provider for NIA Audit from the list of Accredited Service Providers for NIA Audit and engages it formally. The Accredited Service Provider for NIA Audit performs the audit in compliance with the different audit and Accreditation requirements and rules defined by NCSA and reports to NCSA on the work performed at different stages.
- Review, Decision and Award: NCSA reviews the various reports of the Accredited Service Provider for NIA Audit and assesses the compliance of the applicant with NIA requirements. Based on the Audit Report and NCSA review, NCSA decides whether NIA Certification shall be awarded to the Applicant. The NIA Certificate of Compliance is valid for 3 years subject to maintenance.
- Maintenance: NIA Certification is subject to maintenance on an annual basis.
- Other phases: During the NIA Certification lifecycle, situations may occur, based on NCSA decisions or voluntary requests from the Certified Organization, that lead to Suspension of the Certification and subsequently its reinstatement or withdrawal, reduction or expansion of its scope, or its termination. Other factors may also contribute to a change of the selected Accredited Service Provider for NIA Audit during the NIA Certification lifecycle.
- Re-Certification: A Certified Organization that wishes to renew its NIA Certification shall request Re-Certification following the rules defined by NCSA and shall be subject to an audit covering all aspects of the scope by the selected Accredited Service Provider for NIA Audit.
For detailed information regarding the different processes, refer to the NIA Certification Processes.