Journey towards NIA Certification

Introduction

The National Information Assurance (NIA) standard is an information security standard issued by NCSA that sets out the requirements for an Information Security Management System. It specifies the security controls and requirements that organizations must implement to comply with the National Data Classification Policy; together, the two documents help organizations implement a robust information security management system.

The NIA standard applies to all organizations and their corresponding information assets. Where the organization has outsourced or subcontracted any processes or activities, they should ensure that the outsourced or subcontracted processes or activities also comply with this standard and associated controls. 

NCSA offers organizations that have implemented the NIA requirements the opportunity to demonstrate and evidence their compliance with the National Information Assurance (NIA) standard through its NIA Certification scheme.

Pre-NIA Certification Application Steps

Before starting the NIA Certification process, the organization should go through an implementation exercise and internal verification of the NIA requirements. 

These actions are not part of the NIA Certification application process. However, they are mandatory to ensure readiness to apply for NIA Certification.

Diagram showing Pre-NIA Certification Application Steps    

  1. Develop an NIA Compliance Program to help achieve NIA Certification:
    • Develop an organization-wide implementation program with roles and responsibilities, budget, and resources to implement the NIA requirements.
    • Divide the organization into manageable scopes to which the NIA Standard requirements are applied, and build the Certification plan.
    • Select and document the scope.
  2. Implement the NIA requirements for the scope:
    • Classify data following the Data Classification Policy issued by NCSA and build the Information Assets Classification Register (IACR).
    • Select the relevant controls from the NIA Standard to build the Statement of Applicability (SoA).
    • Implement the NIA requirements over the information assets of the scope.
  3. Prepare for the NIA Certification Application:
    • Initiate discussions with Accredited Auditors to collect quotes and understand the process.
    • Allocate budget and resources.
    • Perform a Pre-Certification Application Assessment.
    • Initiate, if possible, the procurement process for the selected Accredited Service Provider for NIA Audit.
    • Prepare the evidence database.

NIA Certification Application

Once the organization is confident in its readiness to go through the NIA Certification application process, it can raise a formal request to NCSA. The steps below outline how the NIA Certification application will be processed.

Before applying, the organization shall ensure it has read, understood, and accepted the terms and conditions of NIA Certification as well as the NIA Certification Service Agreement.

It is also important that the organization ensures that the documentation required by the NIA Certification Scoping Standard is readily available for submission. The standard details the information and documents that shall be shared with NCSA so that it can review, and accept, the scope of the NIA Certification application request.

Finally, the organization shall understand the NIA Certification Processes and the relevant audit standards and requirements that the Accredited Service Provider for NIA Audit shall follow when performing the NIA Certification Audit.

Diagram showing NIA Certification Application Steps

  1. The organization applies formally for the NIA Certification Service and NCSA reviews the scope:
    • Raise the request using the website application form.
    • Submit all the mandatory documents and supporting evidence, including the duly signed documentation and agreement.
    • NCSA reviews the application and, if necessary, requests further information before accepting the scope.
    • The Certification Application Fee is billed after this stage.
  2. The organization engages an Accredited Service Provider for NIA Audit and is subject to the audit:
    • The applicant selects an Accredited Service Provider for NIA Audit as Auditor and engages it formally.
    • The Accredited Service Provider for NIA Audit performs the audit in compliance with the audit and Accreditation requirements and rules defined by NCSA, and reports to NCSA on the work performed at the different stages.
  3. NCSA reviews the reporting of the Accredited Service Provider for NIA Audit and awards NIA Certification based on the results:
    • NCSA reviews the various reports of the Accredited Service Provider for NIA Audit and assesses the applicant's compliance with the NIA requirements.
    • Based on the Audit Report and its own review, NCSA decides whether NIA Certification shall be awarded to the Applicant.
    • Once the decision to award NIA Certification is taken, the applicant shall pay the Certification Award Fee.
    • NCSA issues the NIA Certificate of Compliance, valid for a period of 3 years, and updates the Public Certification Record.