The document outlines the Standards for Accreditation of External Auditors in the Field of Personal Data Protection in the Sultanate of Oman (September 2025 edition), issued by the Ministry of Transport, Communications, and Information Technology.

Key Points

• Aims to ensure the competence and credibility of external auditors assessing organizations’ compliance with the Personal Data Protection Law (Royal Decree 6/2022) and its Executive Regulation (Ministerial Decision 34/2024).
• Requirements for auditors include:
  • An active commercial registration in Oman for at least 12 months.
  • ISO/IEC 27001 and ISO/IEC 27701 certifications.
  • A qualified technical team and a certified lead auditor.
  • Comprehensive documentation of audit processes and a record-keeping policy for at least five years.
  • Full compliance with national data protection laws and a clear data protection and confidentiality policy.
• The document is subject to periodic review by the Ministry and aligns with international standards for information security and privacy.

Accreditation Standards for External Auditors in the Field of Personal Data Protection : EN AR CHECKLIST