Editorial Policy
Our standards for inclusion, ranking, and conflicts of interest.
Inclusion Criteria
Companies are eligible for consideration in this ranking if they meet all of the following baseline criteria:
- UAE physical presence: A verifiable office and operational delivery staff located in the UAE. A local reseller or sales representative without direct delivery capability does not satisfy this criterion.
- Minimum 3 years of operation: The company must have been delivering cybersecurity services for at least three years, whether in the UAE or internationally with documented UAE client work.
- Active client references: The company must have verifiable active clients in the UAE or the broader MENA region. We do not require public disclosure of client identities, but we must be able to verify active operations through indirect means (LinkedIn, case studies, press releases, regulatory filings).
- Valid relevant accreditations: For penetration testing providers, CREST accreditation is strongly preferred. For managed security providers, ISO 27001 or SOC 2 Type II is required unless the provider is a government-backed entity with equivalent oversight.
Criteria for Removal
A company may be removed from the ranking if:
- It ceases UAE operations or can no longer be verified as operating in the UAE
- A relevant accreditation (CREST, ISO 27001, DESC) lapses and is not renewed within 90 days
- We receive credible evidence of material misrepresentation in the company's public claims (fabricated certifications, false client references)
- The company undergoes a restructuring that materially changes its service offering or UAE delivery capability
Companies are notified prior to removal and given 30 days to provide evidence addressing the grounds for removal.
No Paid Placements
We do not accept payment for any form of listing position, ranking upgrade, "sponsored" or "featured" designation, or editorial influence. All companies in this ranking are evaluated against the same published criteria regardless of any commercial relationship or the absence thereof. If a company contacts us to discuss their ranking position, we will document the contact and ensure that editorial decisions are made independently.
Conflict of Interest Policy
Team members with a prior or current financial relationship with a listed company (employment, consulting, equity) are excluded from scoring that company. In such cases, scoring is completed by a team member with no relationship to the company in question. We maintain an internal conflicts register reviewed quarterly.
Companies that submit for consideration provide the editorial team with additional information. This information is used in the evaluation process only — it does not constitute payment or create any obligation to list the company.
Update Schedule
The full ranking is reviewed quarterly: March, June, September, and December. Factual corrections (wrong URL, outdated service description, changed accreditation status) are applied on a rolling basis as they are identified or reported. The date of the most recent full review is displayed on the homepage.
How to Submit a Correction
If you believe a listing contains a factual error, please contact us via the contact form with: the company name, the specific claim you believe is incorrect, and the corrective information with supporting evidence. We aim to review correction requests within 5 business days.