Information security management system

Our Commitment to Information Security

At Tarabut, we take a process-driven approach to safeguarding information through our Information Security Management System (ISMS). This includes:

aligned-security-objectives

Aligned Security Objectives

We prioritize and set clear goals to protect all organisation and client data.
risk-management

Risk Management

We implement comprehensive controls that address business risks effectively.
continuous-monitoring

Continuous Monitoring

Regular assessments ensure our ISMS adapts to evolving security challenges.
ongoing-improvements

Ongoing Improvement

We foster continual enhancement through objective metrics and regular evaluations.
organisation-communication

Clear Organisation-wide Communication

We ensure compliance with all statutory and regulatory requirements across our business.
resource-dedication

Resource Dedication

We allocate the necessary resources to monitor, sustain and support our ISMS. 

Measures we take

Through the implementation of robust policies and procedures, we manage information systems and assets securely, meeting legal, regulatory, and contractual obligations. Below are the key components of our ISMS that ensure the highest levels of data protection and security.​

password-1

Encryption​

Tarabut’s encryption standards are derived from industry best practices and the requirements issued by NCA’s National Cryptographic standards, in the Kingdom of Saudi Arabia. Information handled by the organisation is encrypted in transit and at rest. Any information provided by clients which has personally identifiable information (PII) or sensitive information, is additionally encrypted. Access to encryption keys is strictly controlled and maintained through a full audit trail.
lock

Transmission Security

We use encryption protocols such as TLS 1.2 to ensure data security at rest and in transit. All interactions through our REST APIs are secured via HTTPS, and we require all connections to our API servers to use HTTPS to protect information from our servers to the end-user. We encourage Providers to use the same methods to ensure that information is encrypted all the way to you as the end-user.
warning

Vulnerability Management

We conduct automated, continuous vulnerability scanning across our products and systems. Vulnerabilities are classified based on risk (e.g., Critical, High, Medium, Low) using industry standards such as the CVSSv3 score. All vulnerabilities are remediated in accordance with our established Vulnerability Management Policies. If you are a security researcher, please refer to our Vulnerability Disclosure Programme.
variable_remove

Penetration Testing​

Tarabut performs internal and external penetration testing. The organization complies with regulatory and security best practices in penetration testing, network and public facing application penetration tests are conducted by an independent certified third-party every six months. We also perform penetration tests for any significant updates to existing products or before the release of a new product.
export_notes

Logging​

We log all API calls and interactions with our products and services to ensure transparency and accountability. Logs are retained according to regulatory requirements and industry best practices to ensure compliance.​

Information Security Pack  

Tarabut is dedicated to maintaining top-tier information security, offering transparency through our Information Security Pack (InfoSec Pack). This resource provides insights into our measures, controls, and safeguards, helping partners conduct their due diligence. 

Request the InfoSec Pack 

For more information, or to request our InfoSec Pack, please contact infosecpackrequest@tarabut.com. An NDA may be required for access.


Key Security Measures

Comprehensive ISMS

Our Information Security Management System (ISMS) ensures the confidentiality, integrity, and availability of information assets, aligning with industry standards and regulatory requirements.

Proactive Monitoring

Continuous risk assessments, vulnerability management, and incident response planning keep our systems secure.

Employee Training

Ongoing security awareness programs empower staff to identify and address potential threats.

 

Key Security Measures

 

  • ISMS
  • Monitoring
  • Training
  • Testing
  • Protection
  • Certifications
ISMS

Comprehensive ISMS

Our Information Security Management System (ISMS) ensures the confidentiality, integrity, and availability of information assets, aligning with industry standards and regulatory requirements.

Monitoring

Advanced Monitoring

Continuous risk assessments, vulnerability management, and incident response planning keep our systems secure. We implement 24/7 monitoring of threats and vulnerabilities, integrated with automated ticketing systems.

Training

Employee Training

Ongoing security awareness programs empower staff to identify and address potential threats.

Testing

Penetration Testing

Bi-annual assessments by third-party experts to identify potential vulnerabilities.

Protection

Data Protection

Compliance with UK GDPR, Bahrain’s PDPL, UAE’s PDPL, and Saudi Arabia’s PDPL ensures that all customer data is managed with care.

Certifications

Certifications

ISO27001:2022 Certified: Annual audits to maintain high standards.


Core Components of Our ISMS

Governance

Clear roles, board-approved policies, and active management support.

Risk Management

Ongoing assessments and tailored risk treatment plans.

Policies & Procedures

Regularly updated policies guide our security stance.

Asset Management

Protection of assets through their entire lifecycle.

Access Control

Strict enforcement of access rights and user activity monitoring.

Incident Management

Detailed plans for incident handling and recovery.

Business Continuity & Disaster Recovery

Regularly tested plans ensure resilience.

Regional Regulatory Compliance

Have any questions about security?  

If you have any questions about the security measures and standards at Tarabut, please email  

 securityquestions@tarabut.com