Effective Security Management
Tarabut’s Information Security Management System (ISMS) ensures a structured approach to managing information security, and is fully aligned with ISO/IEC 27001:2022 and regulatory standards from CBB and SAMA. Our ISMS addresses business risks and establishes tailored security controls. We are committed to maintaining best practices through regular audits, and every employee plays a key role in adhering to these standards. Tarabut’s Information Security Team oversees implementation and continuous improvement across all operations.

Our Commitment to Information Security
At Tarabut, we take a process-driven approach to safeguarding information through our Information Security Management System (ISMS). This includes:
Aligned Security Objectives
We prioritize and set clear goals to protect all organisation and client data.
Risk Management
We implement comprehensive controls that address business risks effectively.
Continuous Monitoring
Regular assessments ensure our ISMS adapts to evolving security challenges.
Ongoing Improvements
We foster continual enhancement through objective metrics and regular evaluations.
Cross-Company Communication
We ensure compliance with all statutory and regulatory requirements across our business.
Resource Dedication
We allocate the necessary resources to monitor, sustain and support our ISMS.
Measures we take
Through the implementation of robust policies and procedures, we manage information systems and assets securely, meeting legal, regulatory, and contractual obligations. Below are the key components of our ISMS that ensure the highest levels of data protection and security.
Tarabut’s encryption standards are derived from industry best practices and the requirements set out in the NCA’s National Cryptographic Standards in the Kingdom of Saudi Arabia. Information handled by the organisation is encrypted in transit and at rest. Any information provided by clients that contains personally identifiable information (PII) or sensitive information is additionally encrypted. Access to encryption keys is strictly controlled and maintained through a full audit trail.
We use encryption protocols such as TLS 1.2 to ensure data security at rest and in transit. All interactions through our REST APIs are secured via HTTPS, and we require all connections to our API servers to use HTTPS to protect information from our servers to the end-user. We encourage Providers to use the same methods to ensure that information is encrypted all the way to you as the end-user.
We conduct automated, continuous vulnerability scanning across our products and systems. Vulnerabilities are classified based on risk (e.g., Critical, High, Medium, Low) using industry standards such as the CVSSv3 score. All vulnerabilities are remediated in accordance with our established Vulnerability Management Policies. If you are a security researcher, please refer to our Vulnerability Disclosure Programme.
Tarabut performs internal and external penetration testing. The organisation complies with regulatory and security best practices in penetration testing: network and public-facing application penetration tests are conducted by an independent, certified third party every six months. We also perform penetration tests for any significant updates to existing products or before the release of a new product.
We log all API calls and interactions with our products and services to ensure transparency and accountability. Logs are retained according to regulatory requirements and industry best practices to ensure compliance.
Information Security Pack
Tarabut is dedicated to maintaining top-tier information security, offering transparency through our Information Security Pack (InfoSec Pack). This resource provides insights into our measures, controls, and safeguards, helping partners conduct their due diligence.
Request the InfoSec Pack
For more information, or to request our InfoSec Pack, please contact infosecpackrequest@tarabut.com. An NDA may be required for access.
Key Security Measures
Comprehensive ISMS
Our Information Security Management System (ISMS) ensures the confidentiality, integrity and availability of information assets, aligning with industry standards and regulatory requirements.
Advanced Monitoring
Continuous risk assessments, vulnerability management, and incident response planning keep our systems secure. We implement 24/7 monitoring of threats and vulnerabilities, integrated with automated ticketing systems.
Employee Training
Ongoing security awareness programs empower staff to identify and address potential threats.
Penetration Testing
Bi-annual assessments by third-party experts to identify potential vulnerabilities.
Data Protection
Compliance with UK GDPR, Bahrain's PDPL, UAE's PDPL, and Saudi Arabia's PDPL ensures that all customer data is managed with care.
Certifications
ISO27001:2022 Certified: Annual audits to maintain high standards.