SAMA Compliance

The Saudi Arabian Monetary Authority (SAMA) introduced the SAMA Cyber Security Framework to guide organizations in securing their critical information assets and online services. The move is part of the central bank's efforts to strengthen sound practices in Financial Institutions and ensure compliance with the best standards in the industry. The purpose of establishing the Cyber Security Framework is to improve Cyber Resilience by adopting best practices. The SAMA Cyber Security Framework is a comprehensive framework that draws on the best practices of various government frameworks and industry standards, including NIST, PCI DSS, ISO 27001/27002, and Basel II. Implementing the Framework helps organizations achieve a minimum level of security to manage and withstand growing Cyber Security Threats. The Compliance Standard and Framework applies to all Financial Institutions regulated by SAMA, which are also known as Member Organizations. This includes all banks, insurance companies, and finance companies that operate within Saudi Arabia.


    Our Approach to SAMA Compliance

    Initial Kickoff

    We sit with your team to understand your business processes and the environment to accordingly consolidate the scope of Compliance.

    Scope Definition

    Taking into account all the relevant business, regulatory, and compliance requirements, our team helps in defining the scope for SAMA Compliance.

    Gap Assessment

    Our team of experts will assess the current state of your SAMA CSF Compliance and identify gaps in security controls, systems, and the environment against Compliance requirements.

    Risk Assessment

    We conduct a comprehensive Risk Assessment based on the SAMA Cyber Risk Management Framework to identify areas that could possibly be exploited and result in a data breach.

    Risk Treatment Plan

    Our team develops effective Risk Treatment Plans to remediate the gaps and risks identified to acceptable levels. We can also assist you in developing and implementing a data breach management response that can blend with your existing Incident Response Plan.

    Policy & Procedure rollout support

    Our security analysts will help you build and roll out effective policies and procedures for your organization, in line with the SAMA Cyber Security Framework.

    User Training

    Our team of experts will conduct User Training programs for all personnel covered in scope on their specific Compliance responsibilities. Training materials for future use shall be provided.

    SAMA Compliance Audit

    After a reasonable gestation period, a separate team of audit experts conducts an audit of your setup to verify that all measures are implemented and to identify any deviations from the defined SAMA CSF policies and procedures.

    Why work with VISTA InfoSec?

    Audit certificate and report released from our US office for maximum market branding and acceptability of your organization.
    Vendor-neutral Consultancy & Advisory Service Company.
    Strict no Outsourcing Policy.
    Provide secure Cloud-based portal with two-factor authentication for reporting and progress tracking.
    Specialize in Risk Management, Compliance Solutions, and Consultancy Services.
    Focus on Cyber Resilience, Data Protection, and Cyber Security Solutions.
    Pragmatic Approach towards achieving Compliance.
    More than a decade of industry experience and expertise.
    Frequently Asked Questions on SAMA Compliance

    The Saudi Arabian Monetary Authority is the central bank of Saudi Arabia.

    In the year 2017, the Saudi Arabian Monetary Authority established a Cyber Security Framework that serves as a guide to help Member Organizations regulated by SAMA protect their critical information assets. It provides a security standard framework that Member Organizations must implement for defense against cyber threats.

    The Cyber Security Framework applies to all Member Organizations regulated by SAMA, which includes the following:
    • All Banks operating in Saudi Arabia
    • All Insurance and/or Reinsurance Companies operating in Saudi Arabia
    • All Financing Companies operating in Saudi Arabia
    • All Credit Bureaus operating In Saudi Arabia
    • The Financial Market Infrastructure

    The SAMA Cyber Security Framework guides Member Organizations on the Cyber Security controls to be implemented for protecting the information assets of the Organization. Information assets include:
    • Electronic information.
    • Physical information (hardcopy).
    • Applications, software, electronic services, and databases.
    • Computers and electronic machines (e.g., ATM).
    • Information storage devices (e.g., hard disk, USB stick).
    • Premises, equipment, and communication networks (technical infrastructure).

    The SAMA Cyber Security Framework is structured around four major control domains:
    • Cyber Security Leadership and Governance.
    • Cyber Security Risk Management and Compliance.
    • Cyber Security Operations and Technology.
    • Third-Party Cyber Security.

    The Cyber Security Framework protects information assets against cyber threats. The Framework enables Member Organizations to effectively identify and address risks related to Cyber Security. Further, it helps organizations achieve an appropriate maturity level of Cyber Security controls. The Framework is used as a benchmark to assess the maturity level and evaluate the effectiveness of the Cyber Security controls.

    Depending on scope, the average cost of Audit on the SAMA Cyber Security Framework is $12000.