Trust & Security
Trust you can verify, not just read.
For government and regulated buyers, claims are not enough. EASTMAR publishes the standards we hold ourselves to, where our certifications stand today, and exactly how your data is protected — in Oman, under Omani jurisdiction.
01Certifications & standards
Where we stand — stated plainly
We would rather show you an honest roadmap than a misleading badge. Each standard below carries its real status today.
- ISO/IEC 27001 On our roadmap
Information Security Management
Our security program is being aligned to the ISO/IEC 27001 control set. Formal certification is targeted, not yet held.
- ISO/IEC 27017 On our roadmap
Cloud Security Controls
Cloud-specific safeguards for our hosted and managed services, building on the 27001 baseline.
- Oman PDPL Coming soon
Personal Data Protection Law
Processing practices designed around Oman’s data-protection framework. Compliance assessment in progress.
- Internal controls Available
Security policy & audit baseline
Documented access, change and incident-response policies are operational today and reviewed on a fixed cycle.
02Data sovereignty
Your data stays in Oman
Sovereignty is more than a server location. It is who can reach your data, under whose law, and on whose terms. These four principles align with the national direction of Oman Vision 2040 for a sovereign digital economy.
- 01
Data residency
Your data is stored and processed in Oman, in facilities we operate. It does not leave the country unless you explicitly direct it to.
- 02
Data access control
Access is least-privilege and logged. Only named, authorised personnel can touch your environment, and every action is auditable.
- 03
Jurisdictional sovereignty
Your data falls under Omani law alone. No foreign jurisdiction or extraterritorial request reaches it through us.
- 04
Operational sovereignty
Infrastructure is operated locally by EASTMAR. You are never dependent on an offshore control plane to run or recover your systems.
03Encryption
Protected in transit, at rest, and by design
-
Encryption in transit
All connections are protected with modern TLS. Traffic between you, our services and our infrastructure is encrypted end to end.
-
Encryption at rest
Stored data is encrypted on disk using industry-standard ciphers, so a physical or backup compromise does not expose readable data.
-
Key management
Keys are generated, rotated and stored separately from the data they protect, with access restricted to authorised operators.
04Service level
One accountable team for the outcome
Software, servers and the infrastructure that runs them are delivered and supported by one accountable team. That means a single service-level commitment across the whole stack — not a chain of vendors pointing at each other when something breaks.
Exact response and uptime targets are set per engagement and written into your agreement.
- Per engagement Uptime target
- One SLA across the stack
- Continuous Monitoring
Talk to an expert
Tell us the outcome you need — we’ll bring the software, the servers, and the security.