Your data, your Kingdom, your control
Sovereignty is not a configuration flag bolted onto a cloud product — it is an architectural decision made at the foundation. No component of Clario360 depends on a public cloud to function.
Sovereignty you can hand to your auditor
Assurance you can prove — your data in-Kingdom, your regulators satisfied, and your platform running entirely on your terms.
Pass your audit with evidence, not promises
Controls for NCA, SAMA, PDPL and more come pre-mapped. Collect evidence once and satisfy every framework at the same time.
Your data never leaves the Kingdom
Data residency is guaranteed by how the platform is built — hosted in-Kingdom, not by a policy you simply have to trust.
Deploy anywhere, with no lock-in
Run it as managed SaaS, inside your own data centre, or fully air-gapped — the same product, with nothing tying you to a public cloud.
Frameworks mapped, not promised
EHKAM ships with the Kingdom’s frameworks pre-loaded and a unified control library, so evidence collected once satisfies every mapped regulation at the same time.
NCA ECC / CSCC
National Cybersecurity Authority essential and critical controls
SAMA CSF
Saudi Central Bank cybersecurity framework
PDPL
Personal Data Protection Law alignment
ISO 27001
Information-security management baseline
NIST
Control mapping for international alignment
Najiz / ZATCA
Government-platform integration where applicable
SaaS, on-premise, or fully air-gapped
The same platform runs as managed SaaS, inside your data centre, or in a completely disconnected environment — with no drop in capability between them.
SaaS
Fully managed in a sovereign region. Fastest to value, with Clario360 operating the platform for you.
- In-Kingdom hosting
- Managed upgrades & SLOs
- Elastic by tenant
On-premise
Runs inside your own data centre under your control, using the identical components as the managed service.
- Your infrastructure
- Your operations team
- Same codebase as SaaS
Air-gapped
A static-binary core with no cloud-only dependencies, deployable into fully disconnected, classified environments.
- No external calls required
- Static binaries, portable
- Classified-environment ready
Defence built into the platform
The detail your evaluators need — how identity, isolation, audit and encryption are built into the platform, not bolted on.
Identity & access
One IAM with RBAC, federated to your own IdP, enforced at the gateway.
Tenant isolation
Per-tenant event partitions and data boundaries — no cross-tenant reads.
Immutable audit
Every action attested to a tamper-evident, exportable trail.
Encryption in transit
Replication and events compressed, encrypted and resumable.
No cloud-only dependencies. Anywhere.
The replication core is a static binary. The platform runs disconnected. Data stays in-Kingdom by construction — not by policy you have to trust.
Review the controls with our security team
A working session mapped to NCA, SAMA and PDPL — against your environment and your auditors’ requirements.