Renad Al Majd Saudi Arabia "RMG" signed a strategic partnership agreement with the UK project "AXELOS", to provide its clients in the Kingdom of Saudi Arabia with the best international training programs and internationally recognized certificates in IT services management and project management.

The importance of the agreement for the market in general and the Saudi market, in particular, lies in providing a number of the best training programs and methodologies used globally to develop professionals working mainly in IT services management and project management.

It is worth mentioning that the "AXELOS" project is a joint venture established in 2013 by the British Council of Ministers and Capita Company. The project develops, manages, and operates a number of the best training programs and methodologies used globally to develop professionals primarily engaged in IT services management and project management. , Works in the private, public, and volunteer sectors in more than 150 countries to improve employee skills and competence to make both individuals and organizations work more professionally and effectively.

In our keenness in Renad Al Majd Company to contribute to market development and build strategies in line with the Kingdom's vision (Vision 2030);

We are pleased to announce the signing of a partnership agreement with the "AXELOS" project to provide international training programs and internationally recognized certificates, And to provide the best technology solutions in the Arab markets.

Accordingly, it was agreed with the company "AXELOS" to provide some of its services within the Kingdom of Saudi Arabia, including:

1. ITIL (Information Technology Infrastructure Library):

It is a set of concepts and practices for achieving high-quality IT Service Management (ITSM). It is known that companies with employees possessing advanced certificates in ITIL are pioneers in the development and implementation of IT management services.

ITIL is an internationally recognized certification in the field of information technology, which is supervised by AXELOS. The program contains a series of certificates that qualify for the degree of professionalism in the field of IT services management.

2. Prince2 Certificate in Project Management:

PRINCE2 is the most popular professional project management certification, and reports indicate that PRINCE2 is the most powerful global project management certification, in 2013, more than 158,000 exams were taken!

3. The PRINCE2 Agile Project Management Certification:

It is one of the latest additions to the Project Management Certification Board. As a comprehensive turnkey business solution, allowing focus on management and timely delivery, it blends the principles of Project Management (Prince2) with a flexible delivery framework (Agile).

This might sound like a somewhat strange and contradictory combination, but it can work very well together.

The Prince2 Agile certification is available at two levels: Foundation and Practitioner.

4. Management Successful Program certificate (MSP):

The Management Successful Program (MSP) certificate enhances the ability to organize and manage large projects. It also works to develop your practical skills from designing, planning, and implementing programs for large projects. It is considered one of the strongest internationally recognized certificates in the field of program management.

AXELOS provides three levels of MSP certification, which is the MSP Foundation, the first certification that can be obtained and qualifies for entry into the field of successful program management, the MSP Practitioner Certificate, which you can obtain after obtaining the basic certification, and finally, the certification MSP Advance Practitioner is the top certification in the Axelos Program for Successful Program Management.

5. Management of Value certificate (MoV):

A value management program helps organizations and individuals manage their projects, programs, and services consistently and efficiently. It also guides key principles, processes, techniques, and approaches for all business data.

6. Project, Programs, Portfolios Offices Management certificate (P3O):

The Project, Programs, Portfolio Offices Management (P3O) program gives you an accredited international certificate, the possession of which reflects your interest and familiarity with the basic principles, methodologies, and methods used within the knowledge guide for a certificate. (P3O)

7. Risk Management Certificates (M-o-R),

8. Portfolio Management Certificates MOP.

The agreement also provides for the provision of institutional evaluation services (assessments), and the services that will be provided by Rinad Al Majd Information Technology (RMG) in partnership with AXELOS are:

• ITIL Assessments Model:

The Assessment and Maturity service Model (ITIL) was developed to help organizations better manage their IT services within the ITIL framework. It also contributes to a description of the organization's level of maturity, a plan for how to improve, and the ability to maintain results and track improvement.

• Capacity Maturity Model (P3M3-Maturity Assessments):

P3M3, also known as the "Project and Program Management Maturity Model", is a Management Maturity Model (M3) and a method for measuring an organization's ability to evaluate its projects, programs, and portfolios.

Now, within the Saudi Arabia kingdom companies and organizations, can take benefit from the institutional assessment services and capacity measurement models through Renad Al Majd Information Technology (RMG) representation of the British company AXELOS.

The general manager of Renad Al-Majd Company (RMG),  Mr.Abdul Karim bin Muhareb explained: The partnership with “AXELOS” is a very important addition to the list of companies and institutions that have placed their confidence in the company “RMG” to provide technology services in the Kingdom through his company “Renad Al Majd”, adding:

The services provided by Renad Al Majd are considered the first in the Kingdom.

Mr. Abdul Karim also added, our customers can take the exam directly to obtain the previously mentioned international certificates or register in training programs that qualify you for those certificates, and training programs will be provided by Renad Al Majd (RMG) for Information Technology in partnership with the British company (AXELOS).

And Mr. Abdul Karim: "We always strive to search for the latest technologies that enable our customers to achieve business quality using the most efficient tools, and to provide them with a unique experience that enables them to manage the business by applying best practices to enhance efficiency, effectiveness, governance, and overall quality."

 We have to notice that AXELOS project agreement, comes within a group of services and other agreements entered into by Renad Al Majd Company (RMG) to help companies .develop their business environment to comply with the requirements of the new digital world, and harmonize business with the latest digital technologies in the current technological era.

Renad Al Majed Group (RMG) and Beqaa Al Estora General Trading Company (LLS Group) in Iraq have signed an agreement to exchange experiences, consulting services, specialized training, and ISO standards consulting services.

Based on the strategy of Renad Al Majed Group (RMG) that focuses on expansion in Middle East countries and the desire to transfer and develop information technology in the other countries and support institutions to achieve the desired Objectives and to keep pace with digital transformation development, information technology, information security, Implementation of quality systems also training in order to achieve the  institutional excellence and desired objectives.

The signed agreement includes many Aspects as consulting, training, qualification, examination, evaluation, and adoption it in the following areas:

• International ISO standards
• ITSM
• IT Governance
• CMMI
• Digital Skills Framework (SFIA)
• Software Development Life Cycle (SDLC)
• Organizational change (OCM)
• Project Management (PMO)
• CYBER SECURITY
• Digital Transformation
• The parties have the right to add any other specialties

Renad Al Majed Group (RMG) is a Saudi leader company in of information technology.

Renad Al Majed Group (RMG) has a qualified and Internationally certified team of consultants and experts, with a record of Success and achievements with a largest governmental organization and the private sector also in the Kingdom of Saudi Arabia.

The agreement included many terms and areas in which Renad Al Majed Group (RMG) and Beqaa Al Estora General Trading Company will in the following domains:

• International ISO standards
• IT Governance
• CMMI
• Digital Skills Framework (SFIA)
• Software Development Life Cycle (SDLC)
• Organizational change (OCM)
• Project Management (PMO)
• CYBER SECURITY
• Digital Transformation

Beqaa Al Estora General Trading Company (LLS Group) is one of the leading Iraqi companies in the field of information technology and digital transformation and a Microsoft's global solutions service provider.

The Saudi-Iraqi relations have a achieved a recognized growth in many Business aspects, and the leadership in the two countries has a common desire to enhance this strategic relationship in a manner befitting the historical ties, in the interest of the two brotherly countries. Where the Iraqi Prime Minister chose the Kingdom of Saudi Arabia as the first country to visit after taking office, and the Kingdom of Saudi Arabia celebrated this extremely important visit and a desire to provide all means of success to it is what prompted us in Renad Al Majed Group (RMG) to search for the best distinguished companies in the State of Iraq Sibling to build partnerships and agreements with it and expand our activities there.

Renad Almajed Group (RMG) is the first consulting company to successfully implement the CYBER SECURITY

Renad Almajed Group (RMG) is the first Saudi consulting company that succeeded in implementing the SAMA Cyber Security Framework application project as it implemented it in the Saudi Home Loans (SHL) because of the importance and necessity of this framework to achieve the requirements of the current digital community that has high expectations with experience Flawless customers, constant availability of services and effective protection of sensitive data. The origins of information and online services are now of strategic importance for all public and private institutions, as well as for the wider community.

These services are vital to creating a vibrant digital economy. It has also become systematically important to the economy and broader national security. All this confirms the need to protect sensitive data and transactions, and thus ensure confidence in the Saudi financial sector in general.

Therefore, we find that the Saudi Arabian Monetary Agency (SAMA) is now imposing the adoption of the application of this framework on all (“member organizations”) operating in the field of loans, banks, financial services and insurance in order to identify and effectively address risks related to cyber security to maintain the protection of information assets and services via the Internet.

What is cyber security?

Cyber security is defined as a set of tools, policies, security concepts, security guarantees, guidelines, risk management approaches, procedures, training, best practices, safeguards, and technologies that can be used to protect an organization's information assets from internal and external threats.

General security objectives include:

• Confidentiality - the information assets can only be accessed for persons authorized to access (i.e. protected from unauthorized disclosure or (cancellation) the intended leakage of sensitive data).
• Integrity - the information assets are accurate and complete and properly processed (i.e. protected from unauthorized modification, which may include authenticity and non-repudiation).
• Availability - information assets are flexible and accessible when required (i.e. protected from unauthorized outages).

Therefore, we find that the framework defines the principles and objectives for initiating, implementing, maintaining, monitoring and improving cyber security controls in member organizations. The framework provides cyber security controls that apply to the organization's information assets, including:

• Electronic information.
• Physical information.
• Applications, programs, electronic services and databases.
• Computers and electronic devices (such as ATMs).
• Information storage devices (for example, hard disk, flash drive).
• Buildings, equipment and communication networks (technical infrastructure).

The framework has a correlation with other institutional policies in related areas, such as physical security and fraud management.

Applicability

Where does cyber security apply?

The framework applies to all member organizations organized by the Saudi Arabian Monetary Agency, which include the following:

• All banks operating in the Kingdom of Saudi Arabia.
• All insurance and/or reinsurance companies operating in the Kingdom of Saudi Arabia.
• All finance companies operating in the Kingdom of Saudi Arabia.
• All credit offices operating in the Kingdom of Saudi Arabia.
• Financial market infrastructure

The most important features of cyber security

• Responsibilities

The framework is mandated by the Saudi Arabian Monetary Agency. The monetary agency is the owner and is responsible for the periodic updating of the tire.

Member organizations are responsible for adopting and implementing the framework.

• Explanation

The Saudi Arabian Monetary Agency SAMA, as the framework owner, is solely responsible for providing interpretations of principles, objectives, and control considerations, if necessary.

• The target audience

The framework aims to senior and executive management, business owners, owners of information assets and those responsible for participating in defining, implementing and reviewing cyber security controls within member organizations.

• Audit update and maintenance

The Saudi Arabian Monetary Agency will periodically review the framework to determine the effectiveness of the framework, including the effectiveness of the framework to counter emerging cyber security threats and risks. If possible, the Saudi Arabian Monetary Agency will update the framework based on the audit findings.

If a member organization considers that updating the framework is required, it must provide the required update formally to the Saudi Arabian Monetary Agency. The Saudi Arabian Monetary Agency will review the requested update, and upon approval, the framework will be modified

The frame structure has its advantages

The framework is structured around four main domains, namely

• Cyber Security Leadership and Governance.
• Cyber security risk management and compliance
• Cyber security operations and technology.
• 3rd party cyber security.

For each domain several subdomains are defined. The subdomain focuses on a specific topic of cyber security. For each subdomain, the framework provides for initial, objective and monitoring considerations

The principle summarizes the main set of required cyber security controls related to subdomain.

The target describes the purpose of the principle and what the required set of cyber security controls are expected to achieve.

Monitoring considerations reflect mandatory cyber security controls that must be taken into account. Control considerations are uniquely numbered throughout the tire. Where appropriate, consideration of control can consist of up to 4 levels.

Control considerations are numbered according to the following numbering system:

The figure below shows the general structure of the framework and indicates cyber security and sub-domains, including reference to the applicable section of the framework.

Self-evaluation, review and audit

Self-evaluation, review, and audit

Implementation of the framework in the organization will be subject to periodic self-evaluation. The organization will conduct a self-assessment based on a questionnaire. The Saudi Arabian Monetary Agency will review and review self-assessments to determine the level of compliance with the framework and the maturity level of cyber security in the organization.

Cyber Security Maturity Model

The level of cyber security maturity will be measured with the help of a predefined cyber security maturity model. The cyber security maturity model characterizes 6 maturity levels (0, 1, 2, 3, 4, 5), summarized in the table below. In order to achieve levels 3, 4 or 5, the organization must first meet all the criteria for previous maturity levels.

The objective of the framework is to create an effective approach to addressing cyber security and managing cyber security risks within the financial sector. To achieve an appropriate level of cyber security maturity, member organizations must operate at least at the maturity level 3 or higher as shown below.

Third Maturity Level (3)

Cyber security documents must clearly indicate "why", "what" and "how" cyber security controls should be implemented. Cyber security documents consist of cyber security policies, cyber security standards and cyber security measures.

Cyber security policy must be adopted and delegated by the organization’s council and clarify “why” cyber security is important to the organization. The policy should highlight the origins of the information that must be protected and “what” are the principles and goals of cyber security that must be developed

Based on cyber security policy, cyber security standards must be developed. These "what" standards define what cyber security controls must be implemented, such as security and system standards, separation of duties, password rules, event monitoring and backup and recovery rules. Standards support and enhance cyber security policy and should be considered as baselines of cyber security.

Step-by-step tasks and activities that staff, third parties, or WHO clients should perform in cyber security procedures are detailed. These procedures define "how" cyber security controls, tasks and activities should be implemented in the operating environment and support the protection of the organization's information assets in accordance with cyber security policy and standards.

The process is defined in the context of this framework as an organized set of activities designed to achieve the specified goal. The process may include policies, standards, guidelines, procedures, activities and work instructions, as well as any of the roles, responsibilities, tools and management controls required to reliably deliver outputs.

Actual progress in the implementation, performance, and compliance of cyber security controls should be monitored and evaluated periodically using Key Performance Indicators (KPIs).

Fourth Maturity Level (4)

To achieve the fourth level of maturity, the organization must periodically measure and evaluate the effectiveness of implemented cyber security controls. In order to measure and assess whether cyber security controls are effective, key risk indicators (KRI) must be identified. The KRI indicates an effectiveness measurement criterion and must determine whether the actual outcome of the measurement is less than or is working on or above the target base. KRIs are used to report trends and identify potential improvements.

Fifth Maturity Level (5)

The fifth level of maturity focuses on the continuous improvement of cyber security controls. Continuous improvement is achieved through continuous analysis of the goals and achievements of cyber security and the identification of structural improvements. Cyber security controls must integrate with enterprise risk management practices and be supported by real-time automated monitoring.

Business process owners should be responsible for monitoring compliance with cyber security controls, measuring the effectiveness of cyber security controls, and incorporating cyber security controls within the enterprise risk management framework. Additionally, the performance of cyber security controls must be evaluated using peer and segment data.

We are pleased to serve you by filling in the contact form

RMG get accredited by the International Council of E-Commerce Consultants "EC-Council"

Most organizations face a number of challenges in the business world, from protecting customer results to intellectual property and sensitive information. Given these challenges, cyber security is a necessity, not a luxury.

As a culmination of our cyber security services, we have built partnerships with global cyber security providers. Renad Almajed Group (RMG) has been accredited by the world’s largest technical certification body for cyber security, the International Council of Electronic Commerce Consultants “EC- Council” as an accredited training center.

The Training Portfolio of “EC- Council” includes comprehensive courses on cyber security such as:

• Certified Hacker Ethical
• Supported in network defense
• Master's CEH
• Certified threat Intelligence Analyst (C | TIA)
• Certified Security Analyst from the World Council of Electronic Commerce Advisors (ECSA): Penetration Testing
• Certified Security Analyst from the World Council of E-Commerce Advisors (My work)
• LPT (Master's) Training Program: Advanced Penetration Testing Course
• Global Council of E-Commerce Advisors (V 2) Certified incident Processor

“Our focus is on helping our customers to keep their business safe and globally, by providing the right cyber security training, consulting, and solutions,” said Fayyad Bayan, CEO of Renad Almajed Group (RMG). The reputation of “EC- Council” in expanding the global partner network, to fully manage the certification process, starting with training accreditation, offering a consulting program, and managing the testing process worldwide.”

For more info just contact us