2.2 Risk-Based Approach
Date(g): 1/1/2022 | Date(h): 28/5/1443 |
Effective from Jan 01 2022 - Dec 31 2021
The domains and control requirements included in the fundamental requirements are risk-based and intended to provide participants with essential direction on how to mitigate the most common risks they face, without placing undue burden on them that could stifle innovation and business growth.
From this perspective, the fundamental requirements set the essential mandatory cyber security and resilience requirements for entities that are within the scope of applicability. In addition, the Saudi Central Bank expects entities to conduct their own internal risk assessments to monitor the development of the cyber security and resilience threat landscape, to identify new and evolving risks, to evaluate the potential impact of these risks, and, where deemed necessary, to implement additional or enhanced security and resilience control requirements beyond the fundamental requirements to mitigate these risks in line with the entities' risk appetite.