You are here

United Arab Emirates

Survey Answer:

NESA has developed the Information Assurance Standard (“IAS”), which lists a significant number of security controls that “all UAE government entities and other entities identified as critical by NESA are obligated to implement”.
The National Cyber Risk Management Framework details the sector and national-level risk management approach with regards to Critical National Services and their Critical Information Infrastructure, and provides guidelines on the implementation of risk assessment in this regard. The entity shall have agreements that cover all relevant security requirements with third parties to handle the entity’s information assets. The entity shall:
(i) verify that any contract or agreement with third parties addresses all aspects of the entity’s information security policy regarding accessing, processing, communicating, or managing the entity’s information or information systems, or adding products or services to information systems;
(ii) make sure that proper controls are introduced in the contract in order to verify compliance with the agreed security objectives; and
(iii) perform audit of third parties services and infrastructures to verify compliance with agreed security objectives.

Provided By:
Andrew Fawcett and Krishna Jhala, Al Tamimi & Company