MUSCAT : The accreditation framework supports private sector organisations in complying with the Personal Data Protection Law (No. 6/2022), its Executive Regulation (No. 34/2024), and the standards issued by the ministry for external auditors in the field of data protection.

The ministry said the accreditation of external auditors aims to ensure efficiency and credibility in evaluating institutions’ compliance with personal data protection requirements.

The register of accredited external auditors currently includes SGS and KPMG.

Under the accreditation requirements, auditors must hold a valid commercial registration for external audit activities related to personal data protection, along with ISO/IEC 27001 and ISO/IEC 27701 certifications.

Accredited auditors are also required to have qualified technical teams and certified lead auditors, with the Omanisation rate in technical teams set at a minimum of 30 percent.

Other requirements include maintaining complete audit records and documentation for at least five years, adhering to national laws, and having clear policies covering data protection and confidentiality.

The ministry said the accreditation standards are subject to periodic review and are aligned with international standards in information security and privacy.

For all the latest news from Oman and GCC, follow us on Twitter, Instagram and LinkedIn, like us on Facebook and subscribe to our YouTube page, which is updated daily.