Regulatory & Compliance

Governance, Risk, and Compliance remain critical to business challenges. As new laws and regulations are enacted, their requirements place greater emphasis on enterprise stakeholders to maintain transparency, objectivity, and excellence. Associated with an increased risk of liability, executives must ensure that corporate governance standards are followed and that robust compliance management systems are in place.​


The Department of Health (DOH) established the Abu Dhabi Healthcare Information and Cyber Security (ADHICS) Standard. Adoption of the ADHICS Standard by DOH-regulated healthcare entities will better prepare and enable the Abu Dhabi Health Sector to safeguard privacy and security. Its adoption strengthens the government’s efforts to improve security and public confidence through Health Information Exchange (HIE).

MAST supports Healthcare organizations in their journey toward compliance with the ADHICS through

  • GAP Analysis & Risk Assessment
  • Risk Treatment Plan
  • ADHICS Policies & Procedures
  • Technology Implementations
  • Security Awareness & Training
  • Control check & Audit
  • Assistance in external Audit

ISO 27000

A robust Information Security Management System (ISMS) is required for any organization to reduce risks when it comes to keeping your corporate information or customer information secure. Obtaining ISO 27001 accreditation means that your company’s information is safe against unauthorized access, which leads to improved revenue and customer loyalty.

Our consultants help you to prepare for ISO 27001 certification and implement the Information Security Management framework. We collaborate with you to guarantee that the ISO 27001 framework is achieved with minimal friction and maximum value. 

MAST ISO 27001 Service features

  • GAP Analysis & Risk Assessment
  • Risk Mitigation Plan
  • Technology Implementations
  • Security Awareness & Training
  • Internal Audit
  • Assistance in external Audit

Additional Tips to Maintain ISO Compliance

  • Perform effective internal audits
  • Devise efficient remediation plans
  • Update documentation regularly
  • Monitor and Review ISMS

ISO 20000

ISO 20000 is a framework to identify and manage the key processes involved in delivering effective IT services which meet the needs of the business and the customer. ISO 20000 provides the IT organization with a set of coherent service management processes and a quality management system to manage the full-service lifecycle of an IT service from the end-user’s perspective.


  • ISO/IEC 20000 is fully compatible with the ITIL (IT Infrastructure Library) best practice guidance framework for ITSM processes.
  • IT service providers become more adaptable to business-led rather than technology-driven services.
  • External service providers can utilize certification as a differentiation and win new business as it becomes more of a contractual necessity.
  • Allows you to more efficiently identify and manage external service providers.
  • More opportunities to improve the efficiency, reliability and consistency of IT services impacting costs and service.
  • Certification audits allow for the frequent review of service management processes, which aids in the maintenance and improvement of effectiveness.


The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International and American Express. Governed by the Payment Card Industry Security Standards Council (PCI SSC), the compliance scheme aims to secure credit and debit card transactions against data theft and fraud.

While the PCI SSC has no legal authority to compel compliance, it is a requirement for any company that accepts credit or debit card payments. PCI certification is also thought to be the best way to protect sensitive data and information, allowing businesses to build long-term and trusting relationships with their customers.

MAST’s team can assist you with PCI DSS assessments and implementation, as well as train your team to achieve PCI DSS certification.

PCI certification ensures the security of card data at your business through a set of requirements established by the PCI SSC. These include several commonly known best practices, such as:

  • Installation of firewalls,
  • Encryption of data transmissions and
  • Use of anti-virus software.


We specialize in creating business continuity and IT disaster recovery programs that meet the unique needs of organizations of all sizes in nearly every industry. Secure Link will work with you to build a business continuity program that is credible, pragmatic, and sustainable​


With the SAMA Cyber Security Framework, we assist customers in improving their cyber resilience.

The Saudi Arabian Monetary Authority (SAMA) has taken on the task of improving cyber resilience by implementing industry best practices, standards, and other frameworks, resulting in the SAMA Cyber Security Framework.

SAMA required entities from all sectors to comply with the Cyber Security Framework and thereby meet the minimal levels of security compliance criteria that will allow them to handle and withstand cyber security threats. 

MAST supports organizations to achieve SAMA Cyber Security Framework –

  • GAP Analysis & Risk Assessment
  • Cyber Security Policies & Procedures
  • Security Testing and Security Awareness
  • Technology Implementations
  • Implementation Reviews with SAMA CS Framework
  • SAMA CSF Internal Audit and
  • Support / Training for External Audits


The UAE Information Assurance (UAE IA ) Regulation (also known as NESA) are critical element of the National Cyber Security Strategy (NCSS) .

The UAE IA Regulation aims to provides a benchmark when capturing and measuring an entity’s Cyber Security Maturity. Such an approach allows actionable decisions to be made while taking under consideration applicability, priority, and status. Consequently, the well-thought structure and depth across both the Management and the Technical controls act as the enabler for continuous improvement towards a well-defined Cyber Resiliency, which can be reflected at a national level if/when needed.

The UAE IA assessment is a collection of fifteen (15) information security domains which are grouped under management (6) and technical controls (9).

The fifteen (15) domains have in total 188 security controls of which sixty 60 controls fall under Management and 128 controls fall under Technical. In addition, each security control has a priority assigned to it which shifts the weight of the outcome allowing to shift the focus and effort towards what matters most. Most importantly, there are thirty-five (35) management controls which are classified as “always applicable”, while the remaining controls are dependent on the outcome of Risk Assessment.

MAST approach towards attaining UAE IA Standards for any organizations includes

  • GAP Analysis & Risk Assessment
  • Cyber Security Policies & Procedures
  • Security Testing and Security Awareness
  • Technology Implementations
  • Implementation Reviews on UAE IA Framework
  • Internal Audit and
  • Support / Training for External Audits
Connect with our MAST Team

    Nullam quis risus eget urna mollis ornare vel eu leo. Aenean lacinia bibendum nulla sed