In our continuous mission for smart and sustainable mobility at Dubai Metro and Dubai Tram, Keolis-MHI is committed to maintaining the highest information security and cybersecurity standards, ensuring the confidentiality, integrity, and availability of the systems and data. This commitment protects our customers, employees, information, reputation, and assets against constantly evolving threats.
Our executive management team is committed to aligning, where applicable, with the Roads and Transport Authority (RTA) Corporate Information Security and Cybersecurity requirements, applicable Dubai and UAE cybersecurity regulations including the Dubai Electronic Security Center (DESC) Information Security Regulation, and relevant international standards such as ISO/IEC 27001 :2022, demonstrating our comprehensive and risk-based approach to information security and cybersecurity.
This policy primarily applies to the Business ICT environment within the defined ISO/IEC 27001 :2022 certification scope supporting Dubai Metro and Dubai Tram. Rail Operational Technology (OT) environments, including safety-critical and operational control systems, are governed through separate operational, safety, and cybersecurity frameworks, aligned with contractual, regulatory, and operational requirements.
Based on Keolis-MHl's core values, code of conduct, and ethical business practices, our Information Security and Cybersecurity Policy for Dubai Metro and Dubai Tram includes the following ongoing efforts:
Communication: Clear and open communication with all stakeholders to ensure a common understanding and shared responsibility for information security and cybersecurity matters.
Integration: Incorporating information security and cybersecurity strategies into our daily operational activities;
Risk Assessment: Regularly assessing our information security and cybersecurity posture and adapting to the ever-changing threat landscape.
Training: Creating an environment focused on information security and cybersecurity through regular training and awareness programs about threats and defence strategies customized for everyone involved with Keolis-MHI;
Incident Management: Promptly reporting, documenting, and investigating any information security and cybersecurity incidents with enhancements guided by lessons learned and insights from our partners or shareholders
Continuous Improvement: Committing to continuous improvement through enhancements in conjunction with the RTA, automation, and embracing digital transformation.
Policy Development: Developing supporting policies and procedures tailored for Dubai Metro and/or Dubai Tram to meet specific information security and cybersecurity requirements, ensuring a comprehensive protection strategy; and
Accountability: Maintaining accountability at all levels with a clear commitment to meeting applicable legal, regulatory, and contractual obligations, including provisions for disciplinary or legal actions in case of policy breaches.
This Corporate Information Security and Cybersecurity Policy is supported by complementary policies and standards, including the Personal Data and Privacy Protection Policy and the Artificial Intelligence Policy. These supporting policies define additional governance, risk management, and compliance requirements for specific domains.
Keolis-MHI is determined to lead in information security and cybersecurity within the railway sector, aligning our ambitions with business objectives to ensure resilience in our digital activities.
This policy, validated by the executive management team of Keolis-MHI, is subject to periodic review to ensure our strategies remain aligned with the latest advancements and threats in information security and cybersecurity.
Play Your Part, Be Cyber Smart!
Last update : 10/04/2026

