In May 2017, the Saudi Arabian Monetary Authority (SAMA) issued version 1.0 of its Cyber Security Framework. Noting the importance of safeguarding sensitive data and transactions to ensure confidence in the Saudi financial sector, SAMA designed the Framework to enable SAMA-regulated entities (basically, banks, insurance companies and finance companies) to identify and address cyber security risks. In this article, we summarise key aspects of the Framework.
The Framework is based on SAMA requirements and industry standards (including ISO, BASEL and PCI-DSS). Its stated objectives are to create a common approach for addressing cyber security, to achieve an appropriate maturity level of cyber security controls, and to ensure cyber security risks are properly managed. It supersedes all prior SAMA circulars relating to cyber security.
Entities subject to the Framework include all banks, all insurance and reinsurance companies, all financing companies, all credit bureaus, and the Saudi financial market infrastructure. The Framework also applies, to some degree, to subsidiaries and the personnel of such entities, as well as to third-party contractors and customers.
Cyber…