Government E-Service (SSQA) Certification

The Government E-Service certification process is designed to enhance the security and quality of online government services and establish a uniform, or standardized, set of controls that govern the secure development of e-services and wider systems development projects. As part of the National Information Security Compliance Framework (NISCF), Government entities will be required to have e-services assessed prior to deployment into operations.

An Electronic Service (E-Service) constitutes a service produced, provided or consumed through ICT and which is available on the Internet.

The Government E-Service certification evidences compliance of a system or service’s development in alignment with controls that emphasize the consideration of information security. The implementation of these controls is assessed by independent, accredited Service Providers through evidence-based audits.

Government E-Service (SSQA) Certification Process

The certification process provides a structured approach for the assessment of the Software Security and Quality Assurance Standards, by Accredited Service Providers, and it is completed through three (3) stages to enable the effective measurement of security consideration throughout the development life-cycle.

Systems or services that adequately demonstrate the implementation of controls at a specified level will be eligible for certification.

Certification assessments against the lowest Compliance Level may be conducted using a self-assessment approach; however, the results of the self-assessment will be reviewed in greater depth by the Compliance and Data Protection (CDP) department prior to granting certification.

Compliance Certification

The compliance certificate awarded following assessment provides a point-in-time reference against an outlined scope and explicit set of controls from the Software Security and Quality Assurance (SSQA) standards which form part of the State of Qatar’s National Information Assurance Framework (NIAF). This, however, does not imply or guarantee on-going security or suggest that a system or solution is safe from cyber-attack.

Sample SSQA Seal Level 3

The Gold Standard of compliance represents the highest level of compliance that should be sought by developers of systems and services.
This level of certification represents implementation of all security controls desired for a digital service that is critical to the functioning of the modern digital society or that is processing sensitive information.

Sample SSQA Seal Level 2

The Silver Standard of compliance represents the implementation of additional security controls forming the desired baseline for all digital services developed by, or on behalf of, the government of the State of Qatar.

Sample SSQA Seal Level 1

The Bronze Standard represents successful implementation of the minimum security requirements necessary for all digital services developed by, or on behalf of, the government of the State of Qatar. This tier is typically suitable for those services processing non-sensitive, or public, information, or information with little requirement for confidentiality, integrity or availability.

Achieving Compliance Certification-at-a-Glance

  1. Learn more about how to Apply for Certification for Government E-Services.
  2. Access more information and the documentation required for E-Service Certification.

For further guidance and clarification on the certification process, please contact a CDP staff liaison.