1. IT Audit Program Development:
• Develop and implement a comprehensive IT audit program that integrates with the client
audit universe and is in line with client’s objectives and UAE regulatory frameworks, such as
ISR v3 and DESC’s cybersecurity strategy.
• Ensure the audit program aligns with international standards (ISO 27001, ISO 20000, ISO
22301) and local UAE regulations to guarantee data integrity, confidentiality, and
availability.
2. Risk and Compliance Assessment:
• Conduct risk assessments and compliance audits according to ISR v3, which includes 13
domains covering governance, operational controls, and security assurance.
• Evaluate compliance with the Dubai Cybersecurity Strategy and DGEP Cyber KPIs, focusing
on the effectiveness of client’s cybersecurity posture and readiness against emerging threats.
3. Data Management and Protection Audits:
• Assess client’s data management policies and ensure they meet the standards set by Dubai
Data Establishment, Dubai Data Law, UAE Federal Law No. 2 of 2019, as well as ISR v3’s
guidelines on data masking, data portability, and other protective measures.
• Ensure that client’s IT systems comply with the UAE Cybersecurity Council’s framework,
which includes critical infrastructure protection and national cybersecurity resilience.
4. Cybersecurity Audits:
• Perform detailed cybersecurity audits, ensuring client’s adherence to ISO 27001, NESA UAE IA
v1.1, and ISR v3 standards, which cover incident response, threat detection, and secure system
configurations.
• Ensure client’s cybersecurity protocols align with the Dubai Cybersecurity Strategy and the
UAE’s national cybersecurity policies, which emphasize critical information infrastructure
protection (CIIP) and threat intelligence sharing.
5. IT Governance and Strategy:
• Review client’s IT governance policies to ensure compliance with the ISO 27001, UAE IA v1.1,
and ISR v3 standards and any other UAE national cybersecurity frameworks.
• Provide recommendations to align client’s IT strategy with the UAE’s broader goals for
cybersecurity resilience, including proactive threat management and the secure adoption of
digital transformation technologies.
6. Technical Audits and Assessments:
• Evaluate client’s IT infrastructure, including cloud services and data centers, to ensure
compliance with ISR v3 requirements and best practices for critical infrastructure
protection.
• Ensure that all technical systems, including networks, hardware, and healthcare information
systems, follow the standards set by DESC’s cybersecurity strategy.
7. Cybersecurity Reporting and Corrective Action Plans:
• Provide detailed audit reports on client’s cybersecurity performance, focusing on compliance
with ISR v3, DGEP Cyber KPIs, and UAE Cybersecurity Council policies.
• Collaborate with client’s IT team to design and implement corrective actions, ensuring the
mitigation of identified risks and continuous improvement of client’s cybersecurity controls.
8. Knowledge Transfer and Capacity Building:
• Provide training to client’s internal audit and IT teams on UAE-specific cybersecurity
frameworks, including ISR v3, the Dubai Cybersecurity Strategy, and national incident
response protocols.
• Conduct workshops and seminars to enhance client’s capacity to independently monitor and
ensure compliance with local and international cybersecurity standards.