The SAMA Cyber Security Framework module provides a centralised compliance hub for the framework issued by the Saudi Central Bank (SAMA). The framework applies to all SAMA "Member Organisations" - banks, insurance and reinsurance companies, finance companies, credit bureaus, and the financial market infrastructure operating in the Kingdom of Saudi Arabia.
Framework Structure
The SAMA CSF (v1.0) is organised into four main domains, each broken down into subdomains and detailed sub-controls. Venvera ships the full reference catalogue (around 107 sub-controls) which you seed into your organisation and then tailor.
| Domain | Focus |
|---|---|
| 1. Cyber Security Leadership & Governance | Strategy, governance, policies, roles, awareness, and training |
| 2. Cyber Security Risk Management & Compliance | Risk management, regulatory compliance, and periodic review |
| 3. Cyber Security Operations & Technology | Asset and identity management, infrastructure, application and data security, and event monitoring |
| 4. Third Party Cyber Security | Contracts, outsourcing, and cloud computing services |
Dashboard Metrics
The SAMA dashboard summarises your posture at a glance:
- Implementation status breakdown - how many sub-controls are implemented, partially implemented, not implemented, or not applicable.
- Compliance by domain - implementation progress for each of the four domains.
- Maturity score - your average current maturity against target maturity across assessed controls.
- Audits and evidence - counts of audits by status and evidence records on file.
Modules
From the SAMA section in the sidebar you can reach three working areas:
The control library where you record implementation status, owners, and notes. See Managing SAMA Sub-Controls.
Plan self-assessments and SAMA reviews and record their findings. See SAMA Audits & Findings.
Store and reference the documents that support your control implementation. See Evidence Management.