Achieve SAMA Cybersecurity Framework Compliance

How Infopercept and Invinsense Help You Meet the Requirements of the Saudi Arabian Monetary Authority’s Cyber Security Framework (Version 1.0, May 2017)

What is the SAMA Cyber Security Framework?

The Cyber Security Framework issued by the Saudi Arabian Monetary Authority (SAMA) in May 2017 (Version 1.0) is a comprehensive regulatory requirement for all financial institutions in the Kingdom of Saudi Arabia — including banks, insurance companies, finance firms, credit bureaus, and financial market infrastructure (FMI). The framework establishes a risk-based, maturity-driven approach across governance, risk, operations, technology, and third-party security domains.
Infopercept, through its unified cybersecurity platform Invinsense, enables financial entities to align with these guidelines — not only for regulatory compliance but also for measurable cyber resilience.

How Invinsense Helps You Comply with the SAMA Cyber Security Framework

01
Cybersecurity Governance & Leadership
  • Define and manage Cybersecurity Committees and responsibilities through GSOS.
  • Maintain audit trails for Cybersecurity Strategy, Policies, Risk Appetite, and Budget approvals.
  • Provide Board and senior management with dashboards and KRI reports.

Covers: Section 3.1 – Leadership & Governance

Supports maturity levels 3–5: Structured to Adaptive

02
Cyber Risk Management & Compliance
  • Automate cyber risk assessments and maintain an up-to-date risk register using OXDR and threat modeling.
  • Track regulatory compliance tasks and gap closures.
  • Document risk treatment decisions, exceptions, and control ownership.

Covers: Section 3.2.1 – Risk Management

Section 3.2.2 – Compliance

Section 2.3–2.4 – Self-Assessment, Maturity, Audit Readiness

03
Cybersecurity Operations & Technical Controls
  • Leverage Invinsense XDR for SIEM, SOAR, EDR, and centralized visibility.
  • Enforce controls on access, malware defense, application/infrastructure security, and cryptography.
  • Ensure real-time monitoring and evidence generation for audit and compliance.

Covers: Section 3.3 – Operations & Technology

Domains: Logging, Alerting, Patch Management, Cryptography

04
Awareness, Training & Workforce Security
  • Deliver structured security awareness programs through GSOS’s dedicated training module, including phishing simulations.
  • Track employee participation, comprehension, and repeat risk scores.
  • Map training and responsibilities to specific job functions and access rights.

Covers: Section 3.1.6 – Cybersecurity Awareness

Section 3.1.7 – Training & Competency Management

05
Incident Management, Testing & Red Teaming
  • Manage incident lifecycle with built-in playbooks, RCA workflows, and breach reporting aligned to SAMA protocols.
  • Execute continuous red teaming, attack simulation, and forensics logging via RedOps.
  • Track incidents by classification, response SLA, and regulator notification timelines.

Covers: Section 3.3.14 – Event Management

Section 3.3.15 – Incident Handling & Forensics

Regulatory Reporting: Notify SAMA for medium/high-classified incidents

06
Third-Party & Cloud Risk Management
  • Onboard, assess, and monitor third parties through GSOS’s vendor risk workflows.
  • Enforce security terms in contracts, including SLAs, breach notification, and exit plans.
  • Review cloud adoption strategies aligned with SAMA’s risk-based cloud requirements.

Covers: Section 3.4 – Third Party & Outsourcing Cybersecurity

07
Compliance Monitoring & Self-Assessments
  • Automate SAMA Cybersecurity Self-Assessments with maturity-level mapping (L1–L5).
  • Track implementation progress, control effectiveness, and audit closures via dashboards.
  • Generate reports for internal audit, external consultants, and SAMA’s IT Risk Supervision team.

Covers: Section 2.3 – Cybersecurity Review & Self Assessment

Section 3.2.5 – Audit Management

Why Choose Infopercept + Invinsense?

Full alignment with SAMA CSF across all control domains

Unified cybersecurity platform: XDR, GSOS, OXDR, RedOps, and Deception

A team of experienced and certified VAPT and compliance professionals

Real-time dashboards, KRIs, audit logs, and evidence

Experience across BFSI clients in Saudi Arabia, GCC, and globally

Compliance Today. Resilience for the Future.

SAMA compliance is more than a mandate — it's a foundation for trust in the digital financial ecosystem.
Infopercept and Invinsense enable you to meet every requirement while strengthening your security posture from the inside out.
