Compliance & certifications

Compliance is a feature, not a friction.

Every NAS engagement is designed to meet the regulations that govern it — PDPL, NCA Essential Cybersecurity Controls, ISO 9001, and the sector-specific frameworks our clients live by.

PDPL aligned · NCA-ECC ready · ISO 9001 certified

Our approach

Built for regulation from day one.

Most projects bolt compliance on at the end. We design it in — so regulated workloads ship without rework.

Our delivery practice has compliance baked into every phase — discovery captures the regulatory baseline, design covers the controls, implementation evidences them, and operations sustains them after go-live.

We hold ISO 9001 certification on the NAS practice itself, with ISO 27001 certification on our roadmap targeted for early 2027. Our engineers carry the individual certifications relevant to the frameworks our clients are audited against.

8+
Frameworks covered

Regional and international standards built into our delivery.

100%
Regulated projects

Every regulated engagement ships with a compliance evidence pack.

30+
Certified specialists

Internal certifications across PDPL, NCA, ISO 9001, and adjacent frameworks.

0
Audit failures

Across every NAS-led regulated deployment to date.

Frameworks

The standards we build to.

A non-exhaustive list of the regulatory and quality frameworks we deliver, evidence, or directly hold certifications for.

Aligned

PDPL

Saudi Personal Data Protection Law

Lawful basis, data residency, retention, and subject-rights workflows mapped into every platform we deliver in the Kingdom.

Ready

NCA-ECC

National Cybersecurity Authority — Essential Cybersecurity Controls

Full ECC control coverage — governance, defence, resilience, and third-party — implemented and evidenced for KSA government and regulated entities.

Target Q1 2027

ISO 27001

Information Security Management System

We are working toward ISO 27001 certification, targeted for Q1 2027. Our internal information security management system is being aligned to the standard's controls today, ahead of external audit.

Certified

ISO 9001

Quality Management System

Our delivery methodology, documentation, and continuous improvement process are externally certified to the ISO 9001 quality management standard.

Aligned

SAMA Cybersecurity

Saudi Central Bank framework

Our banking and fintech engagements deliver against the SAMA Cybersecurity Framework and IT Governance Framework requirements end-to-end.

On request

Sector-specific

HIPAA · PCI-DSS · NIST CSF

Healthcare, payments, and US-aligned cyber frameworks delivered on demand — typically alongside the regional regulations our clients face first.


How we work

Compliance, delivered in four phases.

Every regulated engagement runs through the same four phases — captured, designed, evidenced, sustained.

01/Capture

We map the regulatory baseline.

Discovery covers the frameworks, controls, and audit obligations that apply to your platform — before architecture work begins.

02/Design

Controls live in the architecture.

Encryption, access, logging, residency, and retention are designed into the platform — not bolted on after a finding.

03/Evidence

Every control ships with proof.

Every regulated deployment produces an evidence pack — control mapping, test results, runbooks — ready for an external auditor.

04/Sustain

Compliance does not retire.

Managed services, periodic re-assessment, and regulatory-change tracking keep the platform compliant through every renewal cycle.

Need a compliance review?

Whether you are preparing for a PDPL audit, an NCA-ECC assessment, or just need a second-opinion review of your current controls — our team is available.

Certificates & policies

ISO certificates, privacy policy, and high-level control summaries available on request.

[email protected]

Report a concern

Suspected privacy issue or security concern with a NAS-delivered platform? Our team responds within 24 hours.

[email protected]