National Information Assurance (NIA) services
Introduction
As cyber threats across the world evolve at a fast pace, protecting Qatar’s critical ICT infrastructure and systems has become a top priority for the Ministry of Communications and Information Technology (MCIT). With the great rewards that cyberspace offers come new risks to the very infrastructure that underpins our ability to use the Internet safely and securely.
To address those challenges, Qatar is ramping up its cyber security efforts as well as working with counterparts across the globe to ensure an open and secure cyberspace. To accomplish this, the Ministry (formerly known as the Ministry of Information and Communications Technology) formed the Qatar Computer Emergency Response Team (Q-CERT) in 2005.
About the National Information Assurance Policy (NIAP) and Compliance Certification
The MCIT Board has endorsed the National Information Assurance Policy (NIAP) for adoption in all sectors. The NIAP provides organizations with the necessary foundation and the relevant tools to enable the implementation of a full-fledged Information Security Management System.
The policy guides organizations in classifying the impact of information security threats (and risks) and in selecting suitable mitigating controls, which allow them to:
- Protect information assets,
- Effectively manage information security risks,
- Achieve regulatory compliance; and,
- Ease the compliance journey for international standard certifications (ISO 27001…)
The policy implementation and compliance certification are applicable in all business contexts; however, some organizations process highly sensitive data and information, such as those in Finance, Health or other critical sectors, and should consider leading adoption and implementation to support national and/or sectoral compliance requirements.
Before starting Certification
Applying for Certification is one of the last steps of achieving NIA compliance. Prior to NIA certification application, each organization should implement an Information Security Management System based on NIA Policy and NIA manual requirements. The certification application requires that organizations develop in advance a Business Impact Assessment, a Compliance Road map, an Information Asset Classification Register and a Statement of Applicability.
As an organization, you should ensure that you have put in place all the necessary policies, procedures & controls outlined within the NIA Policy Manual prior to a certification audit, as evidence will be required to demonstrate compliance during the certification audit.
How can Mazars help?
- NIA Audit Services
Forvis Mazars, under Ahmed Tawfik, as an accredited NIA audit firm, shall perform an in-depth assessment of the National Information Assurance Policy controls against the defined and approved scope to determine compliance, and shall provide the National Cyber Security Agency (NCSA) department (and the applicant) with an audit report upon completion. Our NIA audit services help organizations comply with the NIA policy certifications. Our team is also NIA-certified and undergoes regular training to make sure we are up to date with the latest NIA information. Further, we can also provide insight into other threats inherent to the organizations’ complex systems and technology.
- NIA Advisory/Implementation Services
As an accredited NIA advisory firm, Forvis Mazars can help your organization implement an Information Security Management System based on NIA Policy and NIA manual requirements. Further, the NIA certification application requires that organizations develop in advance a Business Impact Assessment, a Compliance Roadmap, an Information Asset Classification Register and a Statement of Applicability. Our advisory consultants and IT specialists can provide a wide range of advisory and implementation services tailored to your needs.
Forvis Mazars is proud to be the only firm in the country to offer NIA services covering both Audit and Advisory accredited by MCIT/NCSA.
For more information, please refer to the official MCIT list of Accredited Service Providers
List of Service Providers