Page 72 - Annual Report 2021 EN
P. 72
/ 72 T ABLE OF C ONTENT S
Information technology compliance
Website cookie notice Zero Trust security framework
In line with the General Data Protection Regulation The QFCRA implemented a “Zero Trust” security
(GDPR), the most comprehensive data protection model, requiring all users, whether in or outside the
legislation and the QFC Data Protection Regulations, organisation’s network, to be authenticated, authorised,
the QFCRA implemented the cookie policy and notice and continuously validated for security configuration
on its website, addressing crucial aspects about the before being granted or keeping access to QFCRA’s
confidentiality of electronic communications and the applications and data.
tracking of website visitors.
The framework ensures that no device, user, system, or
By complying to the regulations governing cookies workload is trusted by default, securing infrastructure
under the GDPR and the QFC Data Protection and data even in remote and hybrid environments.
Regulations, the QFCRA website allows its visitors
to give consent to the use of cookies. Visitors are
provided with specific information about the data
each cookie tracks before consents are received,
allowing them to access the website even if
they refuse to allow the use of certain cookies.
Qatar 2022 Cybersecurity Framework
The QFCRA maintains compliance with the Qatar
2022 Cybersecurity Framework, a project initiated by
the Supreme Committee for Delivery and Legacy in
preparation for the 2022 FIFA World Cup to safeguard
critical national services. The framework’s capability-
based approach takes into consideration the risks
identified by various entities, including the QFCRA.
As part of its implementation, the QFCRA reviewed
the framework’s cybersecurity capabilities, mapped
the entity services to those capabilities, assessed its
implementation, and created a roadmap to address
gaps in the implementation.
