TW Infosec

DESC ISR compliance

Meet the Dubai Electronic Security Center's Information Security Regulation.

The Dubai Electronic Security Center sets the Information Security Regulation (ISR) that Dubai government entities — and the organisations that work with them — must meet. We interpret the ISR for your context, remediate the gaps, and prepare the evidence DESC expects, so compliance supports the work rather than getting in its way.

What DESC ISR is

DESC's Information Security Regulation (ISR) is Dubai's mandated security standard for government entities and, by extension, their suppliers and partners. It defines controls across governance, risk, access, operations and incident management, aligned to Dubai's smart-city and digital-government ambitions.

Who needs it

Dubai government entities and the private organisations that provide services to them or connect to their systems. If you're bidding for or delivering Dubai government work, ISR compliance is typically part of the deal.

How we help

  • Gap analysis against the ISR control set
  • Governance, risk and policy development
  • Technical remediation and hardening
  • Incident-response and operational controls
  • Evidence preparation for DESC review
  • Independent validation of controls

FAQ

DESC ISR — FAQs

Who needs to comply with DESC ISR?

Dubai government entities and their service providers and partners. If your organisation delivers to or integrates with Dubai government systems, ISR compliance is usually required.

How is DESC different from NESA/SIA?

NESA/SIA is the federal UAE information-assurance standard; DESC's ISR is Dubai-specific for the emirate's government ecosystem. They overlap heavily, and we align your programme so one effort satisfies both where possible.

Start with a paid, tightly scoped pilot

Prove whether your controls actually work.

Book a diagnostic assessment or an executive AI-risk tabletop. We'll show you the exploitable attack paths that matter — and how to close them.

Emergency response

Facing an active incident or suspected AI compromise? Reach our response coordination line directly.

Report an Incident

[email protected]