Which standards and regulations does MAST Consulting Group cover?

MAST covers 60+ frameworks including ISO/IEC 27001, 27701, 22301, 20000-1 and 42001, SOC 1 and SOC 2, PCI DSS, GDPR and HIPAA, plus regional regulations across the UAE (CBUAE, DESC, DIFC, ADGM, NCEMA 7000, UAE IAF, UAE PDPL), Saudi Arabia (SAMA CSF, NCA ECC/CCC/OTCC, CST CCRF, KSA PDPL, SDAIA) and India (RBI, SEBI, IRDAI, CERT-In, DPDPA, MeitY).

Do you provide both ISO 27001 implementation and audit support?

Yes. We design and operationalise the ISMS, run internal audits and management reviews, and support Stage 1 and Stage 2 certification with accredited bodies. Most clients certify in 12 to 16 weeks.

Can MAST help with UAE CBUAE, DESC and ADHICS compliance?

Yes. Our UAE-based consultants deliver CBUAE Information Security, IT Risk and Outsourcing programmes, DESC ISR and Cloud Security, ADHICS v2 for healthcare entities, and UAE IAF for federal and Abu Dhabi government entities.

Do you cover Saudi Arabia's NCA ECC, SAMA CSF and PDPL?

Yes. We deliver NCA ECC, CCC and OTCC controls implementation, SAMA Cybersecurity, Business Continuity and Technology Risk Frameworks, and KSA Personal Data Protection Law readiness for financial and critical-sector entities.

Can a single engagement cover multiple frameworks?

Yes. We rationalise overlapping ISO, PCI, SOC 2, NIST, CBUAE, SAMA, NCA and ADHICS obligations into a single integrated control framework with one risk register and one evidence set — typically reducing audit fatigue by 30 to 40 percent.

SAMA CSF — SAMA Cyber Security Framework

Standards & Regulations

Every framework that matters to regulated enterprises — covered end to end.

MAST consultants are certified across the global standards and regional regulations our clients are measured against. Browse the full list, or talk to us about a specific obligation.

Rows of compliance binders representing ISO, SOC, PCI, GDPR and regional regulatory frameworks covered by MAST.

Core standards we implement & certify

ISO/IEC 20000-1

IT Service Management

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

ISO 22301

Business Continuity

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

ISO/IEC 27001

Information Security

Info & Cyber Security

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

ISO/IEC 27701

Privacy Information

Data Privacy & Protection

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

ISO/IEC 42001

AI Management System

AI Governance

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

SOC 2 Type 1

SOC 2 Type 1 (Design of Controls)

Assurance & Attestation

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

SOC 2 Type 2

SOC 2 Type 2 (Operating Effectiveness)

Assurance & Attestation

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

UAE IAF

UAE Information Assurance Framework

UAE Regulatory

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

ADHICS v2

Abu Dhabi Healthcare Information & Cyber Security Standard v2

Healthcare

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

SAMA CSF

SAMA Cyber Security Framework

KSA Regulatory

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

NCA ECC

NCA Essential Cybersecurity Controls

KSA Regulatory

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

NCEMA 7000

NCEMA AE/SCNS/NCEMA 7000 Business Continuity

UAE Regulatory

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

UAE PDPL

UAE Personal Data Protection Law

Data Privacy & Protection

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

KSA PDPL

KSA Personal Data Protection Law

Data Privacy & Protection

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

GDPR

General Data Protection Regulation

Data Privacy & Protection

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

HIPAA

Health Insurance Portability and Accountability Act

Healthcare

Scope & ApplicabilityControls & RequirementsImplementation RoadmapAudit & CertificationFAQs

Deep dive — every standard, four layers

Regional & sector regulations (50)

50 results

GCC(22)

Regulation / Standard	Regulator	Country	Domain
ADGM Data Protection Regulations ADGM Financial Services Regulatory Authority	ADGM Financial Services Regulatory Authority	United Arab Emirates	Data Privacy & Protection
CBUAE AI / ML Guidance Central Bank of the UAE	Central Bank of the UAE	United Arab Emirates	AI Governance
CBUAE Business Continuity Standards Central Bank of the UAE	Central Bank of the UAE	United Arab Emirates	Business Continuity
CBUAE Information Security Regulation Central Bank of the UAE	Central Bank of the UAE	United Arab Emirates	Information Security
CBUAE IT Risk Regulation Central Bank of the UAE	Central Bank of the UAE	United Arab Emirates	Financial Services
CBUAE Outsourcing Regulation Central Bank of the UAE	Central Bank of the UAE	United Arab Emirates	Financial Services
CST Cloud Computing Regulatory Framework Communications, Space & Technology Commission	Communications, Space & Technology Commission	Saudi Arabia	Cloud Security
DESC Cloud Security Standard Dubai Electronic Security Center	Dubai Electronic Security Center	United Arab Emirates	Cloud Security
DIFC Data Protection Law DIFC Authority	DIFC Authority	United Arab Emirates	Data Privacy & Protection
Dubai DESC Information Security Regulation Dubai Electronic Security Center	Dubai Electronic Security Center	United Arab Emirates	Information Security
KSA Personal Data Protection Law Saudi Data & AI Authority	Saudi Data & AI Authority	Saudi Arabia	Data Privacy & Protection
NCA Cloud Cybersecurity Controls (CCC-1) National Cybersecurity Authority	National Cybersecurity Authority	Saudi Arabia	Cloud Security
NCA Essential Cybersecurity Controls (ECC-1) National Cybersecurity Authority	National Cybersecurity Authority	Saudi Arabia	Cybersecurity
NCA OT Cybersecurity Controls (OTCC-1) National Cybersecurity Authority	National Cybersecurity Authority	Saudi Arabia	OT / ICS Security
NCEMA 7000 — Business Continuity Standard National Emergency Crisis & Disasters Management Authority	National Emergency Crisis & Disasters Management Authority	United Arab Emirates	Business Continuity
SAMA Business Continuity Framework Saudi Central Bank (SAMA)	Saudi Central Bank (SAMA)	Saudi Arabia	Business Continuity
SAMA Cybersecurity Framework Saudi Central Bank (SAMA)	Saudi Central Bank (SAMA)	Saudi Arabia	Financial Services
SAMA Technology Risk Framework Saudi Central Bank (SAMA)	Saudi Central Bank (SAMA)	Saudi Arabia	Risk Management
SDAIA AI Ethics Principles Saudi Data & AI Authority	Saudi Data & AI Authority	Saudi Arabia	AI Governance
UAE Information Assurance Framework Telecom & Digital Government Regulatory Authority	Telecom & Digital Government Regulatory Authority	United Arab Emirates	Cybersecurity
UAE IoT Security Policy Telecom & Digital Government Regulatory Authority	Telecom & Digital Government Regulatory Authority	United Arab Emirates	Cybersecurity
UAE Personal Data Protection Law UAE Data Office	UAE Data Office	United Arab Emirates	Data Privacy & Protection

Global(19)

South Asia(9)

Regulation / Standard	Regulator	Country	Domain
Aadhaar Data Protection Requirements Unique Identification Authority of India	Unique Identification Authority of India	India	Data Privacy & Protection
CERT-In Directions 2022 Indian Computer Emergency Response Team	Indian Computer Emergency Response Team	India	Cybersecurity
Digital Personal Data Protection Act 2023 Ministry of Electronics and Information Technology	Ministry of Electronics and Information Technology	India	Data Privacy & Protection
IRDAI Cybersecurity Guidelines Insurance Regulatory and Development Authority of India	Insurance Regulatory and Development Authority of India	India	Financial Services
MeitY Responsible AI Guidance Ministry of Electronics and Information Technology	Ministry of Electronics and Information Technology	India	AI Governance
RBI Cybersecurity Framework Reserve Bank of India	Reserve Bank of India	India	Financial Services
RBI Digital Payment Security Controls Reserve Bank of India	Reserve Bank of India	India	Financial Services
RBI Outsourcing Guidelines Reserve Bank of India	Reserve Bank of India	India	Financial Services
SEBI Cybersecurity Framework Securities and Exchange Board of India	Securities and Exchange Board of India	India	Financial Services

Deep dive — every regulation, four layers

Each regulation below is summarised across four layers — context and applicability, scope and controls, our delivery approach, and the business impact. Designed to give buyers, boards, auditors and search engines a complete, structured answer in one place.

Discuss a specific framework

Frequently asked questions

Regulation / Standard	Regulator	Country	Domain
CIS Controls Center for Internet Security	Center for Internet Security	Global / International	Cybersecurity
COBIT ISACA (COBIT)	ISACA (COBIT)	Global / International	IT Service Management
GDPR — EU General Data Protection Regulation European Commission (GDPR)	European Commission (GDPR)	Global / International	Data Privacy & Protection
IEC 62443 — OT/ICS Security International Electrotechnical Commission	International Electrotechnical Commission	Global / International	OT / ICS Security
ISO 22301 — Business Continuity Management International Organization for Standardization	International Organization for Standardization	Global / International	Business Continuity
ISO 31000 — Risk Management International Organization for Standardization	International Organization for Standardization	Global / International	Risk Management
ISO/IEC 20000-1 — IT Service Management International Organization for Standardization	International Organization for Standardization	Global / International	IT Service Management
ISO/IEC 27001 — Information Security Management International Organization for Standardization	International Organization for Standardization	Global / International	Information Security
ISO/IEC 27002 — Information Security Controls International Organization for Standardization	International Organization for Standardization	Global / International	Information Security
ISO/IEC 27005 — Information Security Risk Management International Organization for Standardization	International Organization for Standardization	Global / International	Risk Management
ISO/IEC 27701 — Privacy Information Management International Organization for Standardization	International Organization for Standardization	Global / International	Data Privacy & Protection
ISO/IEC 42001 — AI Management System International Organization for Standardization	International Organization for Standardization	Global / International	AI Governance
NIST AI Risk Management Framework National Institute of Standards and Technology	National Institute of Standards and Technology	Global / International	AI Governance
NIST Cybersecurity Framework National Institute of Standards and Technology	National Institute of Standards and Technology	Global / International	Cybersecurity
PCI DSS PCI Security Standards Council	PCI Security Standards Council	Global / International	Financial Services
SOC 1 Type 1 American Institute of CPAs (SOC reports)	American Institute of CPAs (SOC reports)	Global / International	Financial Services
SOC 1 Type 2 American Institute of CPAs (SOC reports)	American Institute of CPAs (SOC reports)	Global / International	Financial Services
SOC 2 Type 1 American Institute of CPAs (SOC reports)	American Institute of CPAs (SOC reports)	Global / International	Information Security
SOC 2 Type 2 American Institute of CPAs (SOC reports)	American Institute of CPAs (SOC reports)	Global / International	Information Security

Every framework that matters to regulated enterprises — covered end to end.

ISO/IEC 20000-1 — IT Service Management

ISO 22301 — Business Continuity

ISO/IEC 27001 — Information Security

ISO/IEC 27701 — Privacy Information

ISO/IEC 42001 — AI Management System

SOC 2 Type 1 — SOC 2 Type 1 (Design of Controls)

SOC 2 Type 2 — SOC 2 Type 2 (Operating Effectiveness)

UAE IAF — UAE Information Assurance Framework

ADHICS v2 — Abu Dhabi Healthcare Information & Cyber Security Standard v2