Skip to main content
Entire section Custom print Text Only Rich Text Print / Save as PDF
Download Original PDF

Appendix D - How to Request a Waiver from the Framework

No: 381000091275 Date(g): 24/5/2017 | Date(h): 28/8/1438 Status: In-Force
Below the illustration of the process for requesting a waiver from the Framework. 
 
  •  
Detail description about the reasons that the bank could not meet the required control.
 
  •  
Details description about the available or suggested compensating controls.
 
  •  
The waiver request should first be approved by CISO before submitting to cyber security committee.
 
  •  
The waiver request should approved by the members of Member Organization's cyber security committee.
 
  •  
The waiver request should be signed by the CISO and relevant (business) owner.
 
  •  
The waiver request should be formally issued in writing to SAMA via the Member Organization's CEO or managing director to the deputy governor of Supervision.
 
  •  
‘SAMA IT Risk Supervision' will evaluate the waiver request and informs the Member Organization.
 
  •  
The current Framework remains applicable while the requested waiver is being evaluated and processed, until the moment of granting the waiver.