SAMA Compliance

The SAMA Cyber Security Framework (CSF) is a comprehensive standard that combines several industry standards and government regulations from across the world, including ISO 27001, NIST, Basel II and PCI DSS.

This thorough framework specifies guidelines aimed at enhancing security for financial institutions under SAMA regulation, including directives concerning the protection of personal data.

By implementing this framework, your organisation will be following the best practice established by the Saudi Central Bank for risk management and fostering a cyber security culture of knowledge and awareness.


SAMA Framework Requirements

In order to achieve compliance with the national cyber security regulations in the Kingdom, several essential actions must be undertaken across three main pillars: Governance, Personnel and Technology.

The framework is organised into four core domains:

Cyber Security Leadership and Governance

Organisations are responsible for creating teams within their workforce to define cyber security strategy. The assembled committee then formulates the cyber security strategy and policy, defines roles and responsibilities, and oversees project management.

Cyber Security Risk Management and Compliance

A cyber security risk management process must be defined, approved and implemented, and aligned with the Member Organisation’s enterprise risk management process. The process should be monitored, reviewed and audited.

Cyber Security Operations and Technology

Member Organisations must safeguard operations, technology and personnel.

Compliance with these cyber security requirements should be evaluated periodically to confirm the effectiveness of the controls and to identify any necessary revisions or adjustments.

Third Party Cyber Security

If your company engages third-party services, it must ensure that those third parties provide the same level of protection as applies within the Member Organisation.

Requirements for third parties should be defined, and they must include monitoring of third parties against the security standards.

The implementation of the Framework at the Member Organisation will be subject to a periodic self-assessment based on a questionnaire.

The self-assessment will be reviewed and audited by SAMA to determine the level of compliance with the Framework and the cyber security maturity level of the Member Organisation.

How Your Organisation Can Benefit From The SAMA Cyber Security Framework

Risk Crew’s Step-by-Step Process to Get You Compliant

This service is crafted to not only guarantee your business’ adherence to the established criteria but also to furnish transparent and easily auditable evidence of compliance, all while minimising any disruption to your business, operations, and resource allocation.

To help your organisation begin complying with the SAMA Cybersecurity Framework, Risk Crew can provide the following:

  • Conduct a Compliance Gap Assessment: We will assess your current information risk management processes, operations, policies, and controls against those recommended by the framework, to identify the current compliance “gap” and then generate a comprehensive report of our findings and recommendations.
  • Create Activities Roadmap: Your dedicated consultant will create a roadmap that cites specific actions for compliance, proposed action owners, target completion dates and estimated budgets required.

These will result in a solid understanding of the standard and what’s required from your business to comply.

Need assistance with your risk treatment plan and documentation? We’ve got you covered!

  • Create Comprehensive Asset Register: Information assets will be documented citing their sensitivity level, ownership, and IT system locations. The register becomes your risk management inventory.
  • Thorough Threat and Risk Assessment: Risk Crew’s analysis uncovers threats, predicts impacts, and prescribes solutions, presented in a practical Risk Treatment Plan.
  • Tailored Documentation: Your SAMA consultant will draft a bespoke template for relevant Security Policies and Procedures.

This service provides the framework essential for compliance and is ideal for organisations that have operational resources but specifically lack in-house information security risk management expertise.

This service helps you implement a culture of cyber security awareness with both your IT team and employees.

  • Conduct Network and Website Security Vulnerability Assessment Scanning: This service is accompanied by automated vulnerability assessment scanning to identify security weaknesses in your business systems and websites.
  • Implement Information Security Awareness Training Program: Risk Crew will provide computer-based information security awareness training to your staff to ensure their understanding of cyber security threats to the business. Face-to-face workshops with cyber security experts are also available in lieu of or to supplement this training depending on your preference.
  • SAMA Internal Audit: Verifying the efficacy of your SAMA compliance management is critical; to this end, we carry out progress reviews of the implementation.

Risk Crew can help you meet this challenge with a variety of support services, including delivery of the on-going requirements listed above.

We Don’t Sell Products, We Sell Results.

✓ Competitive and Transparent Pricing

Our service comes with fixed pricing with no unexpected added costs. Additionally, we offer a managed service to conduct penetration testing on a continual basis.

✓ Flexible Delivery

This service can be delivered on-site or remotely using cutting-edge technology to maintain the security of our communications. Whichever method you opt for, quality service and hands-on expertise are provided.

✓ On-going Support

Risk Crew helps you maintain compliance with a variety of support services including risk assessments, security testing and staff awareness training.

✓ 100% Satisfaction Guarantee

We think deeply, question assumptions, detect cause and effect, and deliver measurable results. No one else does that. Our deliverables produce metrics you can use to monitor and manage real-world cyber risks.

Speak With a Consultant Today

Receive a quote for Risk Crew’s SAMA CSF Service or book a complimentary session to evaluate your organisation’s current standing against the framework.

Risk Crew GRC consultants possess over 30 years of hands-on skills and experience in designing, drafting and implementing effective incident response plans. It’s what we do.

Additionally, our experts possess a wealth of knowledge in creating cost-effective information security management systems (ISMS), enabling quantifiable compliance with established information security legislation, regulation and best commercial practice such as the Payment Card Industry Data Security Standard (PCI DSS), the UK Data Protection Act 2018 (DPA 2018), the General Data Protection Regulation (GDPR) and ISO/IEC 27001.

When you choose Risk Crew, you’re electing to work with qualified experts.