The Saudi Arabian Monetary Authority (SAMA) introduced the SAMA Cyber Security Framework to guide organizations in securing their critical information assets and online services. The move comes as part of the central bank’s efforts to enhance sound practices in Financial Institutions and ensure compliance with the best standards in the industry. The purpose of establishing the Cyber Security Framework is to improve Cyber Resilience by adopting best practices. The SAMA Cyber Security Framework is a comprehensive framework comprising the best practices of various government frameworks and industry standards including NIST, PCI DSS, ISO 27001/27002, and Basel II. Implementing the Security Framework helps organizations achieve a minimum level of security to manage and withstand growing Cyber Security Threats. The Compliance Standard and Framework applies to all Financial Institutions regulated by SAMA, which are also known as Member Organizations. This includes all banks, insurance companies, and finance companies that operate within Saudi Arabia.
We sit with your team to understand your business processes and environment and consolidate the scope of Compliance accordingly.
Taking into account all the relevant business, regulatory, and compliance requirements, our team helps in defining the scope for SAMA Compliance.
Our team of experts will assess the current state of your SAMA CSF Compliance and identify gaps in security controls, systems, and the environment against Compliance requirements.
We conduct a comprehensive Risk Assessment based on the SAMA Cyber Risk Management Framework to identify areas that could possibly be exploited and result in a data breach.
Our team develops effective Risk Treatment Plans to remediate the gaps and risks identified to acceptable levels. We can also assist you in developing and implementing a data breach management response that can blend with your existing Incident Response Plan.
Our Security Analyst will help you build and roll out effective policies and procedures for your organization, in line with SAMA Cyber Security Framework.
Our team of experts will conduct User Training programs for all personnel covered in scope on their specific Compliance responsibilities. Training materials for future use shall be provided.
After a reasonable gestation period, a separate team of audit experts conducts an audit of your setup to ensure all measures are implemented and to identify any deviations from the defined SAMA CSF policies and procedures.
The Saudi Arabian Monetary Authority is the central bank of Saudi Arabia.
In 2017, the Saudi Arabian Monetary Authority established a Cyber Security Framework that works as a guide to help Member Organizations regulated by SAMA protect their critical information assets. It provides a security standard framework that Member Organizations must implement for defense against cyber threats.
The Cyber Security Framework applies to all Member Organizations regulated by SAMA, which includes the following:
• All Banks operating in Saudi Arabia
• All Insurance and/or Reinsurance Companies operating in Saudi Arabia
• All Financing Companies operating in Saudi Arabia
• All Credit Bureaus operating in Saudi Arabia
• The Financial Market Infrastructure
The SAMA Cyber Security Framework guides Member Organizations on the Cyber Security controls to be implemented for protecting the information assets of the Organization. The information assets include:
• Electronic information.
• Physical information (hardcopy).
• Applications, software, electronic services, and databases.
• Computers and electronic machines (e.g., ATM).
• Information storage devices (e.g., hard disk, USB stick).
• Premises, equipment, and communication networks (technical infrastructure).
The SAMA Cyber Security Framework is structured around four major control domains. These include:
• Cyber Security Leadership and Governance.
• Cyber Security Risk Management and Compliance.
• Cyber Security Operations and Technology.
• Third-Party Cyber Security.
The Cyber Security Framework protects information assets against cyber threats. The Framework enables Member Organizations to effectively identify and address risks related to Cyber Security. Further, it helps organizations achieve an appropriate maturity level of Cyber Security controls within the Organization. The framework will be used as a benchmark to assess the maturity level and evaluate the effectiveness of the Cyber Security controls.
Depending on scope, the average cost of an audit on the SAMA Cyber Security Framework is USD 10,000.