SAMA's Cyber Security Framework sets cyber governance and control expectations for Saudi financial institutions. It covers strategy, governance, risk management, operations, technology, third-party cyber security, incident response, and continuous improvement.
Official sources
What teams need to do
- Map the framework to policies, controls, owners, systems, and providers.
- Review identity, access, asset, vulnerability, change, monitoring, and incident controls.
- Assess third-party cyber security before and during service delivery.
- Track incidents, issues, remediation, metrics, and reporting.
Evidence to maintain
- Cyber framework mapping and governance records.
- System and provider inventories.
- Control evidence, third-party cyber assessments, incidents, and remediation.
- Metrics and management reporting.
Common gaps
- Third-party cyber evidence is not mapped to SAMA framework domains.
- Provider incidents do not trigger control reassessment.
- Cyber metrics do not show unresolved provider risk.
How Halbarad helps
Halbarad helps connect providers to cyber controls, evidence, incidents, downstream parties, monitoring signals, issues, and remediation.
Disclaimer
This guide is for general information only and is not legal advice. Review the official regulation, guidance, and supervisory materials, and consult qualified counsel or compliance advisors for your organization's specific obligations.