Score your
third-party risk
programme readiness.
Answer 15 questions across all 5 outsourcing-risk domains aligned to the SAMA Outsourcing Regulations. Get an instant maturity score, scored domain breakdown, and prioritised list of gaps — built for Saudi banks managing material vendor estates.
15 questions, one at a time, with keyboard auto-advance — Typeform-style.
Governance, Materiality, Due Diligence, Contracts, Monitoring — all benchmarked.
Each question maps to a SAMA Outsourcing Regulations expectation.
Walk away with your top 3 gaps ranked and actionable first steps.
Your SAMA Third-Party Risk Assessment
Conversational format, one question at a time. Use keyboard A–D to pick or click an option — answers auto-advance. Be honest: the value is in identifying gaps, not scoring well.
How robust is your
third-party risk programme?
Answer 15 questions across 5 outsourcing-risk domains aligned to the SAMA Outsourcing Regulations. Get your instant maturity score and a prioritised remediation roadmap in under 5 minutes.
Aligned to the SAMA Outsourcing Regulations — used by Saudi banks, insurers, and finance companies
What happens after you complete the assessment?
Your results are instant. You can also receive a personalised outsourcing-risk report reviewed by a veteran Head of IT Audit with 20+ years of SAMA examination experience.
Instant maturity score
Overall outsourcing readiness percentage and your maturity level — Initial, Developing, Defined, or Managed.
Domain-by-domain breakdown
See which outsourcing domain — Governance, Materiality, Due Diligence, Contracts, or Monitoring — is your biggest exposure.
Prioritised remediation plan
Top 3 gaps ranked by severity, with specific first steps you can act on before your next SAMA examination cycle.
Related on GRC Vantage
Outsourcing risk overlaps with cloud and cyber controls. Continue exploring the platform and sister assessments.
SAMA Outsourcing Platform
Full platform coverage of SAMA Outsourcing Regulations — supplier register, contracts, ongoing oversight.
SAMA CSF Readiness
Score your cybersecurity maturity against the Saudi Central Bank Cyber Security Framework.
NCA ECC Readiness
Score your cybersecurity maturity across 5 NCA ECC control domains.
Ready to put your vendor estate on auditable rails?
GRC Vantage has the SAMA Outsourcing Regulations, NCA CCC, and PDPL controls pre-mapped. Run vendor due diligence once, prove third-party oversight everywhere.
Pre-built questionnaires
SAMA-aligned security and outsourcing questionnaires that adapt by supplier criticality with reviewer routing and risk scoring.
Risk-rated supplier register
One register of all material vendors with concentration risk views, geographies, and SAMA notification status.
Right-to-audit & exit tracking
Track right-to-audit clauses, exit plans, sub-outsourcing chains, and contractual security obligations across all critical suppliers.
Frequently asked questions
Is the SAMA Third-Party Risk assessment really free?
Yes. No credit card, no sign-up to start, no commitment. You receive your full maturity score and gap analysis immediately after the 15 questions.
Who is this assessment for?
CROs, Heads of Procurement, Vendor Risk Managers, IT Audit Managers, and Compliance Officers at any SAMA-licensed entity managing material outsourcing arrangements.
Does it cover sub-outsourcing (4th-party) risk?
Yes. The Pre-Contract Due Diligence and Ongoing Monitoring domains both ask about sub-processor visibility — a fast-rising SAMA examination concern, especially for cloud and offshore IT.
How does it differ from PDPL or NCA CCC assessments?
PDPL focuses on personal data handling. NCA CCC covers cloud security controls. This assessment scores the SAMA outsourcing-governance lifecycle: policy, materiality classification, due diligence, contracts, and ongoing oversight.