Security isn’t a tech problem. It’s a licence-to-operate problem. In the UAE, the Personal Data Protection Law (PDPL) enforcement is tightening and an AI Act is on the horizon.
The gap we see most often: Organisations buy tools but don’t change behaviour. They pass audits but don’t build capability. Cyber isn’t tools. Compliance isn’t paperwork. Both are about people, habits, workflows and decisions.
Security isn’t a tech problem. It’s a licence-to-operate problem. In the UAE, the Personal Data Protection Law (PDPL) enforcement is tightening and an AI Act is on the horizon.
In the UK, the ICO is actively enforcing UK GDPR, FCA operational resilience requirements are live, and the Cyber Security and Resilience Bill is progressing.
We advise, govern and deliver cybersecurity programmes. For technical implementation — pen testing, red teaming, SOC build, vulnerability scanning — we work through specialist delivery partners like OSec. They do the technical work. We govern the programme. You get one accountable relationship.
Before you spend another pound on security, understand where you actually stand. Across people, process, governance and technology.
Security needs a strategy, not just tools. We design the programme architecture that turns scattered security activities into a governed, measurable programme.
We design the security operations your organisation needs and govern the build.
Through our technical delivery partners, we implement the controls and close the gaps. We govern the work. Partners deliver the technical build. Quality stays under Amana’s oversight.
Building AI applications? Using AI tools across your business? The question isn’t whether to adopt AI — it’s whether you’re doing it safely. Most organisations aren’t.
When something gets through, your plan needs to work under real pressure. Most don’t.
Senior security leadership without the permanent overhead. Strategic direction, board reporting, programme governance and vendor oversight.
We don’t do penetration testing. We don’t provide legal opinions. We don’t sell or resell security tools. We’re vendor-independent. We govern the programmes that these activities sit inside. When you need a pen tester, a lawyer or a product, we’ll connect you with a trusted partner.
A future-ready business with a clear, executable strategy. Strong governance for complex programmes, outcome-driven technology, well-designed functions, and a team aligned to sustain change.
Talk To UsBecause security isn’t tools — it’s people, habits and workflows. Tools detect threats. But if your team doesn’t respond properly, if processes have gaps, or if third-party risk isn’t managed, the findings keep coming. We fix the root cause, not just the symptoms.
Yes. Our vCISO service provides strategic security leadership, board reporting, programme oversight and vendor governance — without the permanent overhead. It’s the smart option for most mid-market organisations.
In the UAE: PDPL and DIFC DPL. In Saudi Arabia: NCA ECC-2, SAMA and Saudi PDPL. Cross-border: ISO 27001 and PCI DSS. In the UK: UK GDPR, the Data Protection Act, FCA operational resilience. We also help with cross-border data transfer requirements across all three markets.
Through our technical partner OSec, yes. They do the testing. We scope it, govern it and manage the remediation programme that closes the gaps they find.
It depends on scope, but typically a few weeks of work. We’ll tell you the cost upfront after an initial conversation. No hidden fees, no scope creep.
Not sure where to start? That’s fine. Most of our conversations begin with I’m not sure what we need. We’ll help you figure it out.