Last Updated August 2022

Introduction

The State of Qatar’s Software Security and Quality Assurance (SSQA) framework, forming part of the National Information Assurance Framework (NIAF), is implemented to promote the enhancement of security and quality within software development projects and eServices.

The introduction of security related controls into the Software Development Lifecycle (SDL) stages enables the development of a Secure Software Development Lifecycle (SSDL), ensuring that security is considered throughout all stages of systems development.

To support the NIAF and as part of the National Information Security Compliance Framework (NISCF), NCSA has developed a certification process for eServices that relies upon successful assessment across three assessment gates to validate the implementation of the SSQA controls provide quality assurance.

Scope

This guidance is provided for all Agencies, engaged in the development or implementation of software systems and for outsourced partners developing or providing software to, or on behalf of agencies.

Purpose

This guidance document describes the activities necessary leading to the completion of the Design phase of the system development, highlighting relevant SSQA controls, desired project artefacts and key decision points.