Information Technology Governance Framework

Saudi Central Bank (“SAMA”) has established an Information Technology Governance Framework (“the Framework”) to enable organizations regulated by SAMA (“the Member Organizations”) to effectively identify and address risks related to IT. The objective of the Framework is as follows: 1. To create a common approach for addressing IT risks within the Member Organizations. 2. To achieve an appropriate maturity level of IT controls within the Member Organizations. 3. To ensure IT risks are properly managed throughout the Member Organizations. The framework will be used to periodically assess the maturity level and evaluate the effectiveness of the IT controls at Member Organizations. The framework is based on the SAMA requirements and industry IT standards.

Cybersecurity Framework

SAMA established a Cyber Security Framework (“the Framework”) to enable Financial Institutions regulated by SAMA (“the Member Organizations”) to effectively identify and address risks related to cyber security. To maintain the protection of information assets and online services, the Member Organizations must adopt the Framework. The objective of the Framework is as follows: 1. To create a common approach for addressing cyber security within the Member Organizations. 2. To achieve an appropriate maturity level of cyber security controls within the Member Organizations. 3. To ensure cyber security risks are properly managed throughout the Member Organizations. The Framework will be used to periodically assess the maturity level and evaluate the effectiveness of the cyber security controls at Member Organizations, and to compare these with other Member Organizations. The Framework is based on the SAMA requirements and industry cyber security standards, such as NIST, ISF, ISO, BASEL and PCI.