Automation of the Cybersecurity Framework issued by Saudi Bank SAMA

Would you like to measure your compliance with the Central Bank of Saudi Arabia SAMA cybersecurity regulations? Don't look elsewhere; RMG is here.

We enable your financial institution to obtain a SAMA license by providing specialized consultations and solutions that help you comply with the cybersecurity regulations issued by the Central Bank of Saudi Arabia. We evaluate your level of compliance with them and prepare corrective plans and frameworks to qualify you to pass the required level of applying security regulations and obtain a business license in the Kingdom.


What is the Saudi Central Bank compliance service?

A set of regulations and policies related to cybersecurity and information security launched by the Central Bank of Saudi Arabia to ensure the ability of financial institutions to prepare for, deal with, and recover from cyber threats and to ensure the continuity of their operations. All institutions wishing to conduct banking business in the Kingdom must comply with all regulations contained in SAMA’s information security standards and policies, which set specific levels for passing the assessment and renewing SAMA’s license.

Show your commitment to SAMA's cybersecurity regulations or you will be out of the competition market soon!!

What is the assessment of compliance with SAMA regulations?

SAMA cybersecurity compliance assessment is the process in which an external audit entity evaluates the level of compliance of financial organizations and entities in the Kingdom with the minimum requirements of the mandatory regulations issued by the Saudi Central Bank, which are as follows:

  • Minimum Verification Controls for customers of fintech companies
  • Basic requirements for cyber resilience (Cyber Resilience Fundamental Requirements, CRFR)
  • Information Security Regulatory Guide Requirements (SAMA Cyber Security Framework)

Who is this service for?

The Saudi Central Bank obliges all entities of all types (governmental, profit, non-profit) subject to its supervision to comply with the cybersecurity and information security regulations it issues and to submit official documents proving their commitment to the application of those regulations as follows:

  • Regulated financial institutions and banks
  • Investment companies, insurance and reinsurance companies
  • Entities involved in payment systems
  • Fintech digital financial products, such as E-Wallets
  • Any member organization offering lending products, crowdfunding or other fintech business model under the supervision of SAMA

Or any organization that falls under the following classification:

(Banks – Funding – Insurance – Payments – Exchange – Credit Information)

Benefits of assessing compliance with SAMA's cybersecurity regulations

Conducting a compliance assessment of SAMA controls assists financial institutions in many aspects, most notably:

  1. Being able to renew SAMA’s license and obtain a permit to practice work
  2. Ensuring compliance with the regulatory requirements imposed by the Central Bank of Saudi Arabia
  3. Enhancing customer and stakeholder confidence in the organization’s services and increasing their reliability
  4. Ending the risks posed by innovative information systems and digital transformation
  5. Enhancing integration between financial entities and facilitating the exchange of financial information between them
  6. Improving their ability to withstand threats and raising the level of cyber resilience
  7. Ensuring continuity of operations and reducing downtime in core activities

Who is the best qualified entity to conduct a compliance assessment of SAMA's cybersecurity regulations?

The Saudi Central Bank requires institutions wishing to pass the compliance assessment and obtain a SAMA license to conduct independent certification and confirmation of the organization’s cyber risk posture. Cybersecurity auditors must ensure the authenticity of the documents and confirm that they prove the entity’s compliance with all regulations.

The following conditions are required for the independent auditor evaluating your compliance with regulations:

  • Previous experience in providing cybersecurity services
  • Experience in the field of auditing cybersecurity systems
  • A good reputation, commitment, and a record of high levels of satisfaction
  • Status as an independent third party (external party) authorized to work in the Kingdom
  • A technically and professionally qualified team to assess compliance and provide the necessary support

“AHKAM” GRC Management System (Governance, Risk, and Compliance Management System) (GRC solution)

AHKAM system consists of a set of interconnected and integrated tools that help the organization manage governance, risk, and compliance processes (GRC solution) and improve them in line with its strategic objectives.

How can we help you obtain a SAMA license?

For many years, we have been distinguished by our specialized expertise and unique solutions that we provide to our customers to assess their compliance with regulatory security controls and requirements, including the following:

Evaluation and diagnosis

We help financial institutions evaluate their level of compliance with:
- Requirements for customer verification controls of fintech companies (Minimum Verification Controls)
- Basic requirements for cyber resilience (Cyber Resilience Fundamental Requirements, CRFR)
- Evaluating the current level of compliance with the requirements of the Information Security Regulatory Guide (SAMA Cyber Security Framework)

Designing plans

- We help you conduct a deep analysis of the current situation in your organization, identify strengths and opportunities for improvement, and identify gaps compared to regulations.
- We also help you create a clear compliance plan, build a roadmap tailored to your needs and implement it to meet audit requirements.
- In addition, we help you develop the corrective plan (Roadmap) to comply with the Information Security Regulatory Guide to reach the third maturity level.

Building abilities

Reaching the conditional commitment stage requires you to increase the awareness of your organization’s employees about SAMA’s cybersecurity regulations and achieve cyber resilience. Therefore, during the project, we offer you specialized programs prepared in accordance with the best international practices and targeting all work teams, which may include workshops, special courses, and awareness campaigns.

Preparing documents

We support and assist you in preparing compliance reports and manuals of cybersecurity processes, policies and procedures in a format consistent with SAMA-approved assessment standards.

Do not hesitate to contact us for any inquiries

Why choose RMG?

Comprehensive knowledge

We have extensive knowledge and experience in relevant interrelated fields, which makes us your best choice to provide optimal support in the journey of assessing compliance with SAMA’s security regulations.

Local expertise

We have an in-depth understanding of the Saudi Arabia market and its financial sector, and we have previous experience in providing similar services and a proven track record of completing similar projects.

From start to finish

We have global laboratories equipped with the latest tools, and we have a consulting team that includes +60 experts in the fields of cyber auditing, working within internationally approved methodologies.

From strategy to implementation

We do not only provide recommendations, but we work with you to design strategies and plans, and accompany you in implementing them in order to ensure their success and achieve the goals assigned to them.

You will not go alone

We work with you from the beginning until you reach a stage where you are able to manage the project yourself without constantly needing us, and we make sure to be available to support you at any time.

Support in all languages

We have a bilingual team (Arabic and English) qualified to work throughout the project phases, and we prepare documents in clear wording using the agreed modeling language.

Whether you're not sure where to start on your compliance journey or you need help with part of the journey, we at RMG welcome you and are honored to serve you.


Yes, the Central Bank of Saudi Arabia imposes a condition on financial entities wishing to obtain a SAMA license, stipulating that each entity must submit a report on compliance with the application of the requirements contained in the regulations, policies and regulatory frameworks issued by the bank, according to the specified levels.

The regulations apply to any organization that is a member of the Central Bank and conducts banking business in the Kingdom:

  • Insurance and/or reinsurance companies
  • Funding companies
  • All credit bureaus
  • Any organization offering e-wallet, lending products, crowdfunding or other fintech business model under the supervision of SAMA

The efforts of the Saudi Central Bank (SAMA) aim to develop electronic services provided to banking sector customers by improving their quality and effectiveness in accordance with applied best practices. This is to ensure the facilitation of financial transactions by saving the time and effort needed to obtain banking documents and certificates while enhancing confidence in the authenticity of documents issued electronically.

Moreover, the Central Bank imposes special restrictions on institutions to obtain a SAMA license to conduct business within the Kingdom and requires them to submit a compliance report with the aforementioned regulations proving their compliance with all requirements.

You must initially seek the help of an independent, external party to confirm your compliance with the security controls that the Saudi Central Bank requires you to apply in order to obtain the license. After you ensure that you fully comply with all requirements, you must submit the reports and results of the independent cybersecurity audit to the Central Bank along with other documents.

Renad Al Majd for Information Technology and Consulting RMG supports institutions wishing to establish a business in the financial sector during the compliance journey, starting with assessing gaps, through preparing corrective plans, and ending with preparing reports and audit results and submitting them to the Central Bank until they are accepted.

Contact us now to speak with cybersecurity experts in the Kingdom!