arrow-left Back to Announcements
DATE:
AUTHOR:
The folks at Scrut
New Feature

SAMA Framework

DATE:
AUTHOR: The folks at Scrut

We are excited to announce the support for the SAMA framework in Scrut. The Saudi Arabian Monetary Authority (SAMA) Cybersecurity Framework is a comprehensive cybersecurity framework that provides guidance to financial institutions in Saudi Arabia on how to protect their systems and data from cyberattacks.

The framework is based on international best practices and is aligned with other leading cybersecurity frameworks, such as the NIST Cybersecurity Framework and the ISO/IEC 27001 standard.

Who benefits from the SAMA Framework?

The SAMA Framework benefits all financial institutions in Saudi Arabia, including banks, investment firms, and insurance companies. The framework helps financial institutions to improve their cybersecurity posture and reduce their risk of cyberattacks.

Why is the SAMA Framework in place?

The SAMA Framework is in place to protect Saudi Arabia's financial sector from cyberattacks. Cyberattacks can pose a significant threat to financial institutions, as they can lead to data breaches, financial losses, and reputational damage. The SAMA Framework helps financial institutions mitigate these risks by providing guidance on implementing and maintaining effective cybersecurity controls.

Key Features

The SAMA Cybersecurity Framework consists of four main cybersecurity domains:

  1. Leadership and Governance

  2. Risk Management and Compliance

  3. Operations and Technology

  4. Third-Party considerations

Maturity and levels

The SAMA Framework is based on a four-level maturity model:

  • Level 1: Awareness - Organizations at this level have a basic understanding of cybersecurity and have begun to implement some basic cybersecurity controls.

  • Level 2: Managed - Organizations at this level have implemented a comprehensive set of cybersecurity controls and have processes in place to manage their cybersecurity posture.

  • Level 3: Optimized - Organizations at this level have optimized their cybersecurity posture and are continuously improving their cybersecurity program.

  • Level 4: Innovative - Organizations at this level are leading the way in cybersecurity innovation and are constantly developing new ways to protect their systems and data from cyberattacks.

    If you have any questions or issues, please reach out to your assigned Customer Relationship Manager. They'll be happy to assist you!

    To view all the product updates, please click here.

Powered by LaunchNotes