Frequently Asked Questions

We are headquartered in Dammam, in the Eastern Province of Saudi Arabia, with project delivery across Dammam, Al Khobar, Riyadh, Jeddah, and the wider Kingdom. Our local team handles on-site work and our regional consultants travel for major engagements.

We have active engagements across energy, banking and financial services, government, telecommunications, healthcare, retail, hospitality, manufacturing, and logistics. Our team includes specialists who understand sector-specific regulations and operating constraints.

All client-facing roles are bilingual in English and Arabic. Helpdesk support, project delivery, and creative production are available in either language. Documentation and contracts can be produced in both.

A free 30 to 60-minute discovery call where we understand your environment, goals, and constraints. From there we propose a scope (fixed-price project or ongoing managed service), share an itemized quote, and agree on milestones before any work begins.

Yes, mutual NDAs are standard before any sensitive discussion. We can sign your NDA template or provide ours within one business day.

It depends on the scope. A network refresh runs 2 to 6 weeks, a cloud migration runs 4 to 12 weeks, an enterprise security audit runs 4 to 8 weeks, and a corporate video runs 4 to 8 weeks from kickoff to delivery. Discovery calls always end with an honest timeline estimate.

Yes when required. AWS, Microsoft Azure, Google Cloud, and Oracle Cloud all operate Saudi regions, and we design landing zones that pin storage and processing in-country with documented residency for your compliance team.

Yes — our managed services tier includes round-the-clock helpdesk and on-call escalation for critical incidents. SLAs are defined in the service agreement; the standard tier targets 15 minutes for critical alerts and one hour for high-severity.

Every delivery project includes a 30 to 90-day hyper-care period. Most clients move into an ongoing managed services relationship after that, with monthly reviews and quarterly roadmap sessions. Hand-back to your in-house team is also fully supported.

Yes. Our security team has experience implementing and assessing the NCA ECC across financial services, government, and energy sector engagements. We deliver gap analyses, remediation plans, and the evidence packs the regulator expects.

Yes. We design and operate environments aligned to the SAMA Cyber Security Framework, including private connectivity, hardened identity, multi-region resilience, and the audit trails required for SAMA-regulated institutions.

Yes. We support the full Saudi Aramco Third Party Cybersecurity Compliance Certificate (CCC and CCC+) lifecycle defined under SACS-002: gap assessment against the CCC control framework, remediation planning and implementation, evidence pack preparation, submission through the Aramco e-Marketplace, and biennial renewal.

CCC is the baseline cybersecurity standard all Aramco third-party suppliers must meet. CCC+ is the enhanced tier for suppliers who handle more sensitive or critical Aramco systems and data — it adds stricter controls around data protection, network segmentation, privileged access, and security monitoring. Your Aramco contract or procurement contact will confirm which tier applies.

A typical CCC engagement runs 8 to 14 weeks: 2–3 weeks for gap assessment, 4–8 weeks for remediation, and 2–3 weeks for evidence preparation and e-Marketplace submission. Organizations that already hold ISO 27001 or NCA ECC certification tend to land at the shorter end because many controls overlap.

Project work is fixed-price against an agreed scope. Managed services use a per-user or per-device monthly subscription with three tiers depending on coverage hours, response SLAs, and proactive maintenance depth. We share rate cards on the discovery call and never invoice for work outside the agreed scope without prior approval.