Compliance Documentation

Need to comply with legal or regulatory standards? Start here.

BIOS Middle East Certifications

To ensure we maintain high standards in service delivery and are able to provide services that demonstrate value, BIOS is committed to maintaining our own internationally recognised compliance framework.

ISO/IEC 27001 – Information Security Management Systems
ISO/IEC 27001:2013 specifies the requirements for implementing, maintaining, monitoring, and continually improving the ISMS. ISO/IEC 27002:2013 provides guidelines and best practices for information security management; however, an organization can't get certified against ISO/IEC 27002:2013 because it isn't a management standard. The audit vehicle is ISO/IEC 27001:2013, which relies on detailed guidelines in ISO/IEC 27002:2013 for control implementation.

ISO/IEC 27017 – Information Security Controls for Cloud Services
ISO/IEC 27017:2015 is unique in providing guidance for both cloud service providers and cloud service customers. It also provides cloud service customers with practical information on what they should expect from cloud service providers. Customers can benefit directly from ISO/IEC 27017:2015 by ensuring they understand the shared responsibilities in the cloud.

ISO/IEC 27018 – Protection of Personally Identifiable Information (PII) in Public Clouds

ISO 9001 – Quality Management Systems

Cloud Security Alliance – STAR Level One
BIOS Middle East has achieved STAR LEVEL ONE through CSA self-assessment and is working towards STAR GOLD LEVEL. BIOS is registered following the completion of both security and privacy self-assessments. These are based on the Cloud Controls Matrix and the CSA Code of Conduct for GDPR Compliance.

The compliance framework we follow is the same one mandated for service providers under the following regional governing bodies:

  • UAE National Cyber Security Standards - NESA
  • The Department of Health (DOH) Abu Dhabi Healthcare Information and Cyber Security (ADHICS) Standard
  • Saudi Arabian Monetary Authority (SAMA) Compliance
  • Communications and Information Technology Commission (CITC) - Saudi Arabia
  • National Cybersecurity Authority (NCA) - Saudi Arabia
  • Payment Card Industry (PCI-DSS) Compliance
  • General Data Protection Regulation - Europe

 

Our datacenters hold the following standards and compliance certifications:

  • SOC 1 Type II
  • SOC 2 Type II
  • ISO 27001
  • PCI DSS
  • OHSAS 18001
  • ISO 9001:2015
  • ISO 22301
  • ISO 14001:2015
  • ISO 50001