Compliance
Practical guides on managing the SAMA framework family, the NCA framework family, ISO 27001, SOC 2 and PDPL inside Saudi banks, government entities and regulated enterprises.
SDAIA is enforcing PDPL with SAR 5M fines. Saudi banks, government entities and enterprises in Riyadh and Dammam — here is why you should act now.
How to handle PDPL cross-border data transfers from Saudi Arabia — adequacy, safeguards, SaaS vendor flows, and data residency strategies explained.
A practitioner guide to PDPL data subject rights in Saudi Arabia — access, correction, destruction, objection and the 30-day response clock explained.
A step-by-step ISO 27001:2022 certification roadmap for Saudi organisations — scope, Annex A controls, Stage 1 and Stage 2 audits, and SAMA CSF alignment.
A free NCA ECC compliance checklist for 2026 — every domain, sub-control and evidence requirement Saudi government and CNI operators need, downloadable.
A practitioner's guide to NCA Essential Cybersecurity Controls — scope, five domains, assessment process and evidence for Saudi government and CNI operators.
A step-by-step PDPL Saudi Arabia implementation checklist — lawful basis, DPO, records of processing, data subject rights, breach notification and transfers.
A free SAMA CSF compliance checklist for 2026 — every domain, sub-control and maturity expectation Saudi banks need to evidence, with downloadable template.
A practitioner's guide to SAMA CSF compliance in 2026 — scope, maturity model, governance, third-party depth, inspection expectations for Saudi banks.
How SAMA CSF maps to ISO 27001 Annex A — what overlaps, what's Saudi-specific, and how to run one connected ISMS that satisfies both frameworks at once.
A factual comparison of SAMA CSF and NCA ECC — issuer, scope, structure, control counts, assessment methodology and how Saudi organisations manage both.