Effective from May 24 2017 - May 23 2017
To view other versions open the versions tab on the right

Below the illustration of the process for requesting a waiver from the Framework.
•	Detail description about the reasons that the bank could not meet the required control.
•	Details description about the available or suggested compensating controls.
•	The waiver request should first be approved by CISO before submitting to cyber security committee.
•	The waiver request should approved by the members of Member Organization's cyber security committee.
•	The waiver request should be signed by the CISO and relevant (business) owner.
•	The waiver request should be formally issued in writing to SAMA via the Member Organization's CEO or managing director to the deputy governor of Supervision.
•	‘SAMA IT Risk Supervision' will evaluate the waiver request and informs the Member Organization.
•	The current Framework remains applicable while the requested waiver is being evaluated and processed, until the moment of granting the waiver.