Effective from May 24 2017 - May 23 2017
The Framework is applicable to all Member Organizations regulated by SAMA, which include the following:
• All Banks operating in Saudi Arabia;
• All Insurance and/or Reinsurance Companies operating in Saudi Arabia;
• All Financing Companies operating in Saudi Arabia;
• All Credit Bureaus operating in Saudi Arabia;
• The Financial Market Infrastructure
All domains are applicable for the banking sector. However, for other financial institutions the following exceptions apply:
• Sub-domain (3.1.2): alignment with the cyber security strategy of the banking sector is mandatory when applicable.
• Exclude sub-domain (3.2.3). However, if the organization stores, processes or transmits cardholder data or deals with SWIFT services, then the PCI standard and/or the SWIFT Customer Security Controls Framework should be implemented.
• Exclude sub-domain (3.3.13). However, if the organization provides online services for customers, a Multi Factor Authentication capability should be implemented.