MBK Holding

Bank-grade Security

Custody you can audit. Trust we make visible.

MBK Holding governs its portfolio with the same security posture as international banking institutions — engineered for sovereign clients, family offices, and regulated industries.

99.99%

Uptime SLA

AES-256

Encryption

24/7

SOC monitoring

6+

Frameworks

— Trust Architecture

Six layers of control, continuously audited.

Every layer below operates 24/7 across our holding companies and ventures — measured, monitored, and reported to executive leadership monthly.

ISO/IEC 27001

Information Security Management

Information Security Management System aligned to ISO/IEC 27001 — controls audited and continuously improved.

SOC 2 Type II

Audited Operational Trust

Vendor and platform operations evaluated for security, availability, processing integrity, confidentiality and privacy.

AES-256

Encryption at Rest & in Transit

AES-256 encryption at rest, TLS 1.3 in transit. Customer-managed keys available for enterprise mandates.

Zero-Trust

Zero-Trust Architecture

No implicit trust. Identity-aware proxies, hardware-token MFA, least-privilege access, continuous device posture.

GDPR / PDPPL

Regulatory Compliance

Compliant with Qatar's PDPPL (Law 13/2016), GDPR, and international banking data handling standards.

24/7 SOC

Security Operations Centre

Round-the-clock monitoring, threat hunting, incident response and adversarial red-team simulations.

— Governance

Risk, audit and intelligence — under one roof.

Vigilant Entities — an M³ portfolio company — provides discreet risk, security and intelligence services for institutions, family offices and sovereign clients. Their controls are embedded across MBK ventures.

  • Independent third-party penetration testing every quarter
  • Continuous vulnerability disclosure program
  • Hardware-token MFA for all privileged access
  • Quarterly board-level security reviews
/ mbk-soc · live

$ tls.version → 1.3 verified

$ encryption.atRest → AES-256-GCM

$ mfa.enforcement → 100% (hardware token)

$ compliance.iso27001 → active

$ compliance.soc2 → Type II

$ compliance.pdppl → active (Law 13/2016)

$ incidents.open → 0

$ last.audit → 2025-11-14 · clean

// system nominal · custody intact