UAE

Information Security Regulation (ISR) Regulates Information Security laws and regulations in UAE. The goal of the Information Security Regulation is to establish standards to all Dubai Government Entities in order to maintain the continuation of important business processes and to minimise information security-related risks and damages by preventing and/or mitigating information security incidents. It aims to ensure an adequate level of confidentiality, integrity, and availability for information handled by Dubai Government Entities.

Eshield Provides a wide range of services to our clients in the Middle East including but not limited to:

  • NESA IA: To align and direct national cybersecurity efforts, the UAE Government created the National Electronic Security Authority (NESA) to improve our national cybersecurity, and protect our national information and communications infrastructure. As part of this mandate, NESA developed the UAE Information Assurance (IA) Standards to provide requirements for raising the minimum level of IA across all relevant entities in the UAE. Reference
  • Abu Dhabi Information Security Standards: The Department of Health (DOH) has established the Abu Dhabi Healthcare Information and Cyber Security (ADHICS) Standard as a strategic initiative in support of DOH’s vision and Federal/National mandates, endorsed by DOH’s Executive Committee. The provisions of this Standard are harmonized with international healthcare industry standards for Information Security. Reference
  • UAE Data Protection Law(DPL): The Personal Data Protection Law, Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data, constitutes an integrated framework to ensure the confidentiality of the information and protect the privacy of individuals in the UAE. It provides proper governance for data management and protection and defines the rights and duties of all parties concerned. Reference
  • ADGM Data Protection Regulations 2021 (“DPR”): This Guidance aims to explain how the DPR 2021 work and help you understand how your organization can comply with them. It will not tell you exactly what to do because the DPR 2021 recognises that every organization is different, and therefore allow for some flexibility. This flexibility means that you need to think about, and take responsibility for, the specific ways you use personal data. Whether and how you comply depends on exactly why and how you use the data. There is often more than one way to comply with the DPR 2021. Reference
  • DHCC Data Protection Regulation No. 7 of 2008) (“HDPR”): The purpose of this Health Data Protection Regulation is to promote and protect Patient Health Information and, in particular, to: (1) establish certain principles with respect to the collection, use and disclosure by the DHCA and Licensees within DHCC, of Patient Health Information; (2) establish certain principles with respect to access by each Patient to his Patient Health Information held by the DHCA and Licensees; (3) create a safe environment where health information systems are used to produce relevant and good quality information in support of the delivery of Healthcare Services; (4) promote a flexible approach to the protection of Patient Health Information while avoiding the creation of unnecessary barriers to the flow of Patient Health Information to appropriate parties; and (5) establish a complaints mechanism for the investigation of complaints regarding Patient Health Information. Reference
  • PCI DSS: The PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive the adoption of data security standards and resources for safe payments worldwide. The PCI SSC’s mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders. We achieve this with a strategic framework to guide our decision-making process and ensure that every initiative is aligned with our mission and supports the needs of the global payments industry. Reference
  • Central Bank Consumer Protection Standards Bank’s Consumer Protection Regulation: The primary objective of the regulation is to protect consumers and contribute to the overall stability of the financial services industry. The law aims to strengthen governance, promote responsible financing practices, and protect consumer rights. The Regulation comprises 15 articles, providing information about the minimum measures all financial institutions are required to take to protect customers’ data. Reference
  • Information and Communications Technology(ICT) in Health Fields Law: The Federal Law No. 2 of 2019 on the Use of Information and Communications Technology in Healthcare (‘ICT Health Law’) regulates the use of ICT in the healthcare sector throughout the United Arab Emirates (‘UAE’) including in free zones with the following four aims of: ensuring the optimal use of information and communications technology in the health sector; ensuring that the bases, standards, and practices adopted are in line with their internationally adopted counterparts; enabling the Ministry of Health and Prevention (‘Ministry’) to collect, analyze and maintain health information at the country level; and ensuring the security and safety of health data and information. Reference

Our services include consulting, assessment, and support services.

Please visit our Services page for a full range of services offered, and for more info: Contact us