Frequently asked questions about HAiCapita

HAiCapita is an AI-native, sovereign Governance, Risk & Compliance (GRC) platform built in Egypt for the MENA region and beyond. It unifies GRC, AI governance, multi-vector phishing simulation and security-awareness training in one platform, and is offered alongside hands-on security consultation.

Yes. AI assistance runs across the compliance lifecycle — drafting policies, gap analysis against frameworks, and a CISO copilot — with guardrails. AI governance itself (ISO/IEC 42001) is a first-class capability, not an add-on.

Yes. The same platform ships two ways from one codebase: multi-tenant SaaS, or a fully air-gapped on-premise deployment with no external egress and no phone-home. Air-gapped entitlements come from a cryptographically signed offline license verified locally with a pre-distributed public key.

HAiCapita supports ISO/IEC 42001 (AI management), ISO 27001/27002/27017/27018, ISO 22301, SOC 2 (Type 2), PCI DSS, NIST CSF, the CBE Financial Cybersecurity Framework (Egypt), NTRA (Egypt), the Egypt Personal Data Protection Law (PDPL), HIPAA and GDPR, among others. Controls are cross-mapped once and satisfied across frameworks, with audit-ready evidence. Formal certificates are issued by independent auditors.

Yes. As an Egypt-based platform, HAiCapita natively supports the CBE Financial Cybersecurity Framework, NTRA requirements and the Egypt Personal Data Protection Law (PDPL), alongside international standards — so Egyptian organizations can run local and global compliance from one place.

Three products that work as one platform: HAiCapita GRC (governance, risk, compliance & AI governance), HAiPhish (multi-vector phishing simulation — email, SMS, QR and voice), and HAi-LMS (security-awareness training with SCORM/xAPI/cmi5 support and verifiable certificates). They are connected by a Human Risk Management loop: assess, train, simulate, score, remediate and report.

Pricing is in Egyptian Pounds (EGP) — the single customer-facing currency across the website and all products. You can start a self-service trial or contact the team for enterprise and air-gapped pricing.

Yes. The entire platform and website are fully bilingual — English and Arabic with right-to-left (RTL) layout — and meet WCAG 2.2 AA accessibility, with Hijri calendar support.

Sovereignty is built in: data and AI operations pass through a sovereignty engine where the tenant's jurisdiction (EG/KSA/QA/UAE) drives behavior, and the air-gapped deployment keeps everything inside your own infrastructure with no external sub-processors. Security is enforced with token-mediating sessions (no usable tokens in the browser), per-request default-deny authorization and a tamper-evident WORM audit trail.