NESA Compliance (UAE)

NESA / UAE IA Compliance Readiness


About This Service

NESA / UAE IA Compliance Readiness for Government Suppliers in the UAE

The UAE Information Assurance (IA) standards — often referred to by the name of the original issuing body, NESA — define a structured set of security control families that apply to organizations supporting UAE government entities and critical sectors. If your company in Abu Dhabi, Dubai or Sharjah supplies services to a federal or emirate-level government entity, you may be asked to demonstrate alignment with these standards before or during a contract. This gig delivers a practical readiness program: a gap assessment against the IA control families, a prioritized remediation roadmap, and the documentation set assessors expect to see.

The engagement covers the full readiness cycle. I map your current security posture against the management and technical control families, draft the information security policies and operating procedures you are missing, and support your IT team in implementing technical controls — asset inventories, access management, logging and monitoring, backup and recovery, and incident handling. Everything is scoped to your actual environment, whether that is a 20-person mainland LLC in Abu Dhabi or a free-zone software vendor in Dubai Internet City selling into government projects.

Important positioning: I prepare you for assessment — I do not issue certifications or approvals, which come from the relevant UAE authorities and their appointed assessors. What you get from me is the evidence pack: control-by-control implementation status, policy documents, risk register, and the artefacts (screenshots, configurations, logs, training records) collected and organized so an external assessment runs smoothly. Pricing starts at AED 7,000 with a 21-day baseline delivery.

What's included

  • Gap assessment against UAE IA control families — Control-by-control review of your current posture with a scored gap report and prioritized remediation roadmap.
  • Policy and procedure drafting — Information security policy set written for your organization — not generic templates — covering the domains the IA standards expect.
  • Technical control implementation support — Hands-on guidance for your IT team on access control, logging, hardening, backup and incident response controls.
  • Risk register and treatment plan — A maintained risk register linking identified risks to controls and owners, in the format assessors ask for.
  • Evidence collection for assessment — Organized evidence pack — configurations, records, training logs — mapped to each control so nothing is hunted down on assessment day.
  • Assessment-day support — Briefing for your team plus availability during the external assessment window to answer control-mapping questions.

How it works

  1. Scoping call and document request

    We define which systems, sites and teams are in scope and I collect your existing policies, network diagrams and asset lists.

  2. Gap assessment

    I assess your environment against the UAE IA control families and deliver a scored gap report with a prioritized remediation roadmap.

  3. Remediation and documentation

    I draft the missing policies and procedures and work alongside your IT team to close technical gaps in priority order.

  4. Evidence pack and readiness review

    I assemble the control-mapped evidence pack and run a final readiness review so you walk into the external assessment prepared.

Why work with me

With me | Typical agency
Policies written for your environment | Generic template pack
Works directly with your IT team on controls | Report-only, implementation extra
Evidence mapped control-by-control | Left to the client
Single senior consultant end to end | Rotating junior staff