Arbitration cases are inherently confidential. The security architecture of the Tahkeem platform is engineered to guarantee this confidentiality technically — not through paper policies, but through a security architecture integrated into every layer of the system.
All data stored at the database and file level is encrypted with AES-256. All data in transit uses TLS 1.3 — no unprotected pathway into the system.
Each case runs in a logically isolated environment. Parties to one case cannot access data from another — even within the same arbitration center.
RBAC: every user sees and acts only within the scope of their assigned role and cases. Granular, auditable, and enforced at the data layer.
Every action — login, document access, data change — is permanently recorded with user identity, timestamp, and action type. Cannot be altered or deleted.
Signatures built on Public Key Infrastructure: signatory authenticity, document integrity, and non-repudiation — fully compliant with the Saudi E-Transactions Law.
MFA enforced by default for arbitrators and center management. Configurable for all user roles. No single-factor access to sensitive case data.
Compliant with the key regulations applicable to arbitration centers
Processing personal data with explicit consent, clearly defined purposes, data minimization, and full exercise of data subject rights as required by the Saudi PDPL.
Electronic signatures and digital documents fully compliant with the E-Transactions Law — ensuring unambiguous legal validity for all platform-issued awards and procedural documents.
The platform observes the security controls defined by the Saudi National Cybersecurity Authority (NCA) for systems handling institutionally sensitive data.
Cloud hosting on infrastructure within the Kingdom for full data localization compliance, with an On-Premise deployment option for centers requiring data to remain within their own infrastructure.
Protection operates at multiple levels: AES-256 encryption for stored data, TLS 1.3 encryption for data in transit, complete isolation between case environments, strict access control at case and role level, and an immutable audit log for every data access.
Yes. Electronic signatures in the Tahkeem platform comply with Saudi E-Transactions Law standards and use PKI-based digital signing mechanisms that guarantee signatory authenticity, document integrity, and non-repudiation.
Yes. The platform is built with PDPL requirements in mind: processing personal data with explicit consent, defining processing purposes and applying data minimization, full data subject rights for access, correction, and deletion, and data breach notification within the specified timeframes.
Automatic daily backup of all platform data, with additional weekly and monthly copies. Data stored in multiple geographic locations. Target recovery time (RTO) under 4 hours in the event of major failure. RPO under 24 hours. Documented and periodically tested business continuity plan.
Access is governed by role and case together: parties to one case can never see data from another case. An arbitrator sees only the cases assigned to them. Center staff see according to their defined permissions. Tahkeem's technical team has access only to the infrastructure, not case content. Every access is logged in the audit trail.
Book a technical meeting to go through your center's specific security and compliance requirements with our team.