MoTC issues accreditation to data security service providers

The Accreditation Programme is part of the National Information Security Compliance Framework (NISCF), which aims to validate and assure security within ICT programmes, systems and services, and encourage alignment with good practice for protecting digital infrastructure and data.

NISCF helps support the achievement of the National Cyber Security Strategy; it complements Qatar’s National Information Assurance Framework (including wider applicable information security legislation, regulation and standards) to establish a safe and vibrant cyberspace, a press statement notes.

The accreditation certificate, awarded to Protiviti Member Firm Qatar LLC, is designed for service providers who deliver information security consultancy and implementation services to the public and private sectors.
A certificate of accreditation is the formal recognition that an organisation is competent to perform specific services, activities or tasks in a consistent, reliable and precise manner. It is a cornerstone in improving security within cyberspace by enhancing the quality of cybersecurity services in Qatar.

The advisory accreditation helps accredited service providers build trust with their customers and provides organisations with assurance concerning their accomplishments, or experience, as a trusted adviser.
Accredited service providers, such as Protiviti Member Firm Qatar LLC, are integral to supporting public and private sector organisations to achieve compliance certification through alignment with Qatar’s national standards for cybersecurity.

The issuing of compliance certificates, as part of the national compliance framework, supports the assurance of a consistent application of security best practices by entities in the country, the statement continues.
Currently, there are two certification schemes that accredited service providers can support: the National Information Assurance (NIA) Certification for Organisations and Software Security and Quality Assurance (SSQA) Certification for Government E-Services.

The NIA Certification scheme ensures independently audited and validated compliance with the National Information Assurance Policy (NIAP) controls within the context of a clearly defined scope. Benefits of the NIA certification for organisations include independent confirmation about the organisation’s security posture, ensuring that the company, assets, shareholders and staff are adequately protected from cyber threats and attacks and providing customers and stakeholders with confidence in how risks are managed among others.
The SSQA certification scheme, underpinned by the SSQA, framework enhances the existing NIAP controls by identifying security controls that should be considered during development activities to create a Secure Systems Development Lifecycle (SSDL).

The SSQA certification provides assurance that government e-services are developed and deployed with consideration of relevant information security threats and mitigation.
The advisory service accreditation certificate awarded to Protiviti Member Firm Qatar LLC identifies the service provider as a competent adviser, capable of assisting organisations in the planning, design and implementation of activities to achieve NIA or SSQA compliance certification.

Dana Yousif al-Abdulla, acting director of the Compliance and Data Protection Department, Cybersecurity Affairs, MoTC, said: “We are delighted to have more accredited service providers joining the national accreditation programmes, which will extend the trust in the cybersecurity supply chain in Qatar.

“We are extremely pleased that we are able to recognise Protiviti Member Firm Qatar LLC as the first accredited service provider within the advisory service area.”