FAQs

Frequently Asked Questions

Quick answers about AHAT — services, accreditations, engagement models, and how to start a conversation. Don't see your question? Reach out and a real person will get back within one business day.

AHAT (Al Holol Al Thakeya) is an Omani SME and Riyadah-registered ICT and cybersecurity company. We deliver five service lines from one team: Cybersecurity Services (managed SOC, SIEM/XDR, IAM, threat intelligence, penetration testing, incident response, vCISO advisory); Cloud Solutions (Azure migration, virtual desktops, managed cloud, hosting for regulated workloads); ICT Infrastructure & Managed Services (network design, cloud integration, 24/7 helpdesk, IT outsourcing); Connectivity Solutions (high-throughput wireless connectivity, up to 20+ Gbps over 20 km); and Technology & Innovation (AI, IoT, autonomous robotics, smart city solutions, laser communication).

Yes. We hold the three credentials that matter most to enterprise and government buyers in Oman:
  • MTCIT-accredited Security Assessment Service Provider (Ministry of Transport, Communications and Information Technology)
  • ISO 27001:2022 certified for information security management
  • Active TRA Telecom Services License No. 498/2025

We are also classified Excellent Grade by the Oman Tender Board and registered under the Joint Supplier Registration System (JSRS).

Our MTCIT approved-provider listing can be verified on the Ministry's public register under ALHOLOL ALTHAKEYA INTERNATIONAL.

Headquartered in Muscat, Oman, with active operations in Dubai, UAE since 2025. We serve customers across the GCC, with a primary focus on the Sultanate of Oman and the United Arab Emirates.

Both. Every cybersecurity offering is available as either an ongoing Managed Service (retainer with continuous monitoring, tuning, and reporting) or a One-Time Project (fixed-scope deployment, training, and handover). The same flexibility applies to most of our cloud and ICT services. The Cybersecurity Services page has a side-by-side comparison of both engagement models.

Government entities, banking and financial services, education, energy, manufacturing, and enterprise across the GCC. Service tracks for data residency, compliance reporting, and regulated workloads are specifically tuned for government and financial-sector requirements.

Yes. Our in-house Managed SOC (launched in 2023) provides 24/7 monitoring, threat detection, and incident response. We operate SIEM/XDR aligned with the MITRE ATT&CK framework and ISO 27001 standards. Available as a monthly retainer or as a one-time platform deployment with handover.

Three ways to reach us:

Most engagements begin with a 30-minute scoping call so we understand your environment and requirements before proposing a scope and price.

Our team operates in both English and Arabic. The website is currently English-only; an Arabic-language version is on the 2026 roadmap. Sales calls, technical documentation, and signed agreements can be conducted in either language.

Yes. Our Cloud Solutions practice includes hosting tuned for Oman's data residency requirements, which is critical for government and financial-sector workloads. We deliver Azure migrations with regional residency, on-prem and private-cloud builds, and virtual desktop infrastructure (VDI) for regulated environments.

Costs vary with scope, scale, and engagement model (managed retainer vs one-time project). We provide a fixed proposal after a 30-minute scoping call to understand your environment and requirements. Contact us for an estimate.

MTCIT (the Ministry of Transport, Communications and Information Technology) maintains a public register of accredited Security Assessment Service Providers. The accreditation signals that a firm has been vetted against corporate-standing, technical-capability, and process-discipline criteria for regulated security work in Oman. Most government tenders and regulated-sector engagements require it. AHAT is listed under ALHOLOL ALTHAKEYA INTERNATIONAL.

A typical mid-sized external penetration test runs 5–10 business days for the active testing window, plus 3–5 days for reporting. Web-application tests vary with the size of the application surface. Internal and Red Team engagements run longer. We scope each test against your actual estate and provide a fixed time and cost up front — not an estimate that drifts during execution.

Yes. AHAT offers virtual CISO engagements as part of the Cybersecurity Services practice. A vCISO sets the security strategy, owns the risk register, presents to the board or audit committee, and runs the security programme — delivered as a monthly retainer rather than a full-time executive hire. Engagements typically run from 2 to 8 days per month depending on the maturity of the security programme.

SIEM (Security Information and Event Management) is a platform that collects and correlates security data. XDR (Extended Detection and Response) extends EDR's endpoint focus to network, identity, and cloud — broader visibility, often with built-in response automation. MDR (Managed Detection and Response) is a delivery model where a service provider operates EDR/XDR for you with 24/7 analyst coverage. AHAT's Managed SOC delivers MDR using SIEM and XDR tooling.

Our standard Managed Security Operations Centre engagement carries written SLAs for time-to-acknowledge (10 minutes for P1 incidents), time-to-investigate (within 1 hour for P1), and time-to-contain (within 4 hours for P1, scope-dependent). Specific SLA tiers and credit terms are agreed in the engagement contract; we don't ship vague 'best-effort' language.

Yes. AHAT's Cloud Solutions practice handles cross-cloud and on-prem-to-cloud migrations end-to-end — assessment, target-architecture design, migration wave planning, data migration, application refactoring where required, and post-migration operations. We work primarily with Azure and AWS, with Google Cloud experience for specific workloads. Multi-cloud landing zones are common in our engagements.

It depends on data residency, regulatory requirements, scale variability, and operating cost. Azure (with regional data residency) is the right choice for most enterprise workloads — managed services, elastic scale, and security tooling are hard to match on-prem. On-prem still wins for sovereignty-sensitive workloads, ultra-low-latency control systems, and certain compliance scenarios. We help map each workload to the right deployment model before committing to a one-size-fits-all architecture.

Yes. AHAT delivers VDI on Azure Virtual Desktop and on-prem hyperconverged platforms. VDI is commonly used in regulated environments because data never leaves the data centre, on field teams where laptops are inconvenient, and across multi-site organisations that want one consistent desktop image. Our engagements include identity integration, application packaging, profile management, and ongoing operations.

We run continuous cost analysis as part of managed cloud engagements — rightsizing, reserved-instance or savings-plan recommendations, spot/preemptible adoption where workloads tolerate it, and tagging discipline so the cost-per-business-unit story stays clean. A typical first cost-optimisation pass on an unmanaged cloud estate finds 20–35% of the bill is recoverable without changing application behaviour.

Point-to-point microwave / millimetre-wave links from 1 Gbps to 20+ Gbps, depending on distance and licensed-band availability. We have delivered 20+ Gbps links over 20 km in Oman where fibre wasn't an option. For shorter distances, free-space optical (laser) links push higher throughput with no spectrum licensing.

Yes. For sites where fibre and microwave aren't feasible, we deliver VSAT and modern LEO satellite connectivity, paired with on-site power and redundancy where required. Remote-site engagements typically also include site management, monitoring, and a contracted SLA — connectivity in interior Oman is rarely a 'plug it in and walk away' delivery.

FSO (free-space optical) uses modulated light beams between line-of-sight terminals — fibre-grade bandwidth, no spectrum licensing, but rain and fog can affect availability. Microwave / mmWave wireless uses radio bands — lower peak bandwidth than FSO but more weather-tolerant and longer range. We use FSO for short, dense campus links and microwave for longer or weather-sensitive routes; sometimes both with automatic failover.

Yes. AHAT's 24/7 service desk provides multi-tier support (L1, L2, L3) in English and Arabic with named SLAs and ITIL-aligned processes. Standard tiers cover end-user support, infrastructure operations, application support, and escalation routes into the SOC and NOC. Pricing scales with number of supported users and tier mix.

Yes — full IT outsourcing is a standard offering under our ICT Infrastructure & Managed Services practice. Engagements range from end-user computing only (helpdesk, devices, licences) to full-stack operations (network, data centre, applications, security). We deliver as a managed retainer with clear deliverables and named SLAs, not an open-ended body-shop arrangement.

Microsoft, Amazon Web Services, Google Cloud, Dell Technologies, Sophos, Tenable, Red Hat, and Huawei are our named technology partners across the service lines. Beyond those, we deliver vendor-agnostic engagements drawing on Cisco, Aruba, Juniper, HPE, Fortinet, and others as the engagement design requires.

Yes. The Technology & Innovation practice delivers custom AI / ML solutions — computer vision, NLP, predictive analytics, generative AI integrations — across Azure, AWS, and on-prem inference deployments. Engagements range from proof-of-concept builds to production pipelines with MLOps tooling. Use cases we've deployed include document understanding, video analytics, and decision-support for industrial operations.

Yes. Our IoT practice covers end-to-end deployments — sensors, gateways, connectivity, ingest platform, analytics, dashboards — for utilities, transport, smart buildings, and industrial monitoring. Smart-city engagements typically combine IoT with AI and our connectivity stack (wireless, FSO, satellite) into a single integrated platform. Vision 2040 alignment is a frequent driver.

Yes for managed-service engagements. Standard SLA tiers cover availability, response time, and resolution time, with service-credit terms tied to missed targets. Specific credit structures are agreed in the engagement contract — we don't ship boilerplate SLAs without aligning them to the customer's actual operational impact.

Yes. AHAT is Riyadah-registered under Oman's national SME development programme, administered by ASMED (the Authority for Small and Medium Enterprises Development). Riyadah registration certifies SME status and unlocks the SME procurement preferences in Oman Tender Board processes. We are also classified Excellent Grade by the Tender Board and registered under the Joint Supplier Registration System (JSRS).

AHAT is the trading name and registered trademark (TM No. 155072, valid 2022–2032) of ALHOLOL ALTHAKEYA INTERNATIONAL LLC, a limited liability company incorporated in the Sultanate of Oman in 2021. Commercial Registration No. 1392110, VATIN 1739943. The full legal entity name is required on tax invoices, contracts, and letters of award — the trading name 'AHAT' is used in marketing and day-to-day business communication.

Need Our Services? Let’s Connect

    FAQs | AHAT — ICT, Cloud & Cybersecurity in Oman