Service Providers Criteria

1. Commercially registered in mainland Oman Requirement

Mainland commercial registration with relevant activity.
Documents required: Mainland commercial registration with relevant activity.

2. Paid up Capital of at least OMR 60,000

Documents required: Latest audited financial statements of the company.

3. Company or parent company operational (International or Local experience) for at least 1 year for Riyada card holders and at least 2 years in all other cases

Documents required:
- Audited ISO22301 certificate OR commercial registration.
- Riyada card for Riyada card holders.

4. Declaration of no bankruptcy, insolvency and criminal proceedings

Documents required: Self declaration notarized by the Omani court or OCCI.

5. Not subject to a tax debt collection process

Documents required: TMS record will be reviewed by OTA.

6. Technical and Security Requirements

Technical Design Document

  • High Level Architecture (Application, Integration, Infra, Data etc.)
  • Hardware/Software details include current version and upgrade plan
  • Hardware/Software support and SLA details
  • Data hosting location and backup/retention policy

Multifactor Authentication (MFA)

  • User interface screenshots of MFA

Encryption at Rest

  • Screenshot showing encryption at rest is enabled

Encryption in Transit

  • Screenshots of SSL certificate/TLS handshake protocol being enforced

Security Monitoring

  • Product/tools used for security monitoring/SOC/SIEM
  • Incident response plan and SLA
  • Proof of regular security monitoring

ISO/IEC 27001 Certification

  • ISO27001 certificate on Information Security Management System