Skip to Content
Docs are being rebuilt — start at Introduction → How it works.
Governance & complianceQCB & NCSA AI guidelines

QCB & NCSA AI guidelines

The Qatar Central Bank (QCB) and the National Cyber Security Agency (NCSA) publish guidance on operating AI systems securely and responsibly, especially in regulated sectors such as financial services. This page explains how TeamMate features can support that guidance.

This is guidance, not a certification or regulatory approval. TeamMate is not certified or licensed under QCB or NCSA frameworks, and using these features does not by itself satisfy any regulatory obligation. Confirm requirements with your compliance and risk functions.

Common themes and supporting features

Guidance themeHow to support it in TeamMate
Access control and authenticationEnforce SSO and restrict allowed domains in Security; assign least-privilege roles in Members & Roles.
Human oversightKeep agent scopes narrow and review agent behavior in chat before relying on outputs; test agents before publishing.
AuditabilityAgent conversations and automation runs are recorded, supporting traceability of AI-assisted decisions.
Resource and cost controlBound usage with workspace and per-user limits via Spending controls.
Data handlingLimit each agent’s knowledge bases and integrations to only what its task requires.

Practical steps

  1. Lock down access

    Configure Security for SSO and domain restrictions, and use Members & Roles to limit administrative access.

  2. Scope agents tightly

    Give each agent only the instructions, knowledge, and integrations it needs. Review and remove anything that grants broader access than required.

  3. Keep humans in the loop

    Test agents in chat and review their responses before publishing, especially where outputs influence regulated decisions.

  4. Maintain records

    Use conversation and automation run history for traceability, and bound usage with Spending controls.

What TeamMate does not do for you

  • It does not provide regulatory approval, licensing, or a compliance opinion under QCB or NCSA frameworks.
  • It does not replace your organization’s model-risk management, security, or governance policies.
  • It does not make AI outputs authoritative — human review of agent outputs remains your responsibility.
Qatar PDPPLISO 27001 alignment