Brushing the term – NESA Compliance
NESA, the National Electronic Security Authority, is a UAE federal authority responsible for the cybersecurity of the United Arab Emirates. NESA established Information Assurance (IA) Standards across the UAE to improve national cybersecurity. Compliance with the standard confirms a minimum level of security in businesses that support national services across all domains and sectors.
The primary intent of the NESA Standard is to define a rigorous national Cyber Security Strategy that enables improvement in cybersecurity and raises awareness of Cyber Security within the UAE. NESA Compliance is obligatory for all participating stakeholders who support and deal with critical national information or deliver such services. For all other UAE entities, NESA advises following the guidelines voluntarily.
So, here is a case study on the NESA Compliance Project conducted by ValueMentor for a Digital Payments company in the UAE.
About the Client
The client enables secure digital payments throughout the operating region and positions the UAE as a global leader in digital services. Their dedicated platform looks to eliminate cash payments in the UAE and promotes digital cash across the nation.
Activities Performed
The client wanted to fulfil the NESA Compliance requirements applicable to its environment, which involved:
- Gap Assessment.
- Information Security Risk Assessment & Treatment.
- Policies & Procedures development.
- Information Security Awareness.
- Remediation Support.
- Internal Audit.
Entangled Challenges
Here are a few challenges that stood in the way while conducting the compliance program.
- The lack of Information Security roles/resources created difficulties in identifying and expressing the audit approach before the start of the engagement. This affected the overall audit schedule.
- The lack of information security understanding was also an impeding challenge. Our team conducted an initial meeting to address the challenge, followed by security awareness programs at various phases of the engagement.
- Another challenge was to execute a tailored compliance plan within a specified timeline. Our team was prepared for the plan, converting the classic deliverables into customized ones within the timelines.
Used Strategy
- Prior to the on-site visit, the team shared and clearly communicated the audit program schedule to the client.
- The team clearly communicated the objectives of the audit to the team leaders and stakeholders.
- Acquired active participation and support from various client departments.
- Analyzed all policies, procedures and supporting documents, including applicable contracts.
- Checked all physical security efforts to determine gaps/deviations in line with NESA compliance requirements.
Involved Process
- Conducted the kick-off meeting with the respective project stakeholders, including Senior Management.
- Developed the Project Plan and identified the roles and responsibilities of all participants so that business functions are minimally impacted.
- Analyzed the current Information Security Practices.
- Mapped the current practices with NESA requirements.
- Located the gaps in documentation, process, and technology aspects of Information Security.
- Developed the NESA Compliance Framework.
- Designed policies, procedures & standards.
- Performed security awareness training for all staff (Cloud-based).
- Performed NESA Compliance Audit (Internal Audit).
Obtained Results
Results obtained from the engagement included:
- Briefing and audit closure with stakeholders on a daily basis.
- Reached definitive agreement on all findings.
- Helped to achieve compliance with NESA standards.
- Created a compliance roadmap for the identified gaps.
- Completion and submission of the Audit Summary Report with Prioritized Risk Recommendations.
Conclusion
ValueMentor compliance experts have profound industry-specific understanding and knowledge to keep up with the constantly changing NESA regulations. Our plans, procedures and strategies are scaled in proportion to the risk levels in your organization. We offer comprehensive security and risk management advisory solutions that help secure your information integrity at optimum levels. Your NESA Compliance is in safe hands with us. All you need to do is visit our service page and book your consultation right away.