Saudi Central Bank will review the Framework periodically to determine the Framework's effectiveness, including the effectiveness of the Framework to address emerging IT threats and risks. If applicable, Saudi Central Bank will update the Framework based on the outcome of the review.

If a Member Organization considers that an update to the framework is required, the Member Organization should formally submit the requested update to Saudi Central Bank. Saudi Central Bank will review the requested update, and when applicable, the Framework will be adjusted on the next updated version.

The Member Organization will remain responsible to be compliant with the framework pending the next version update.

Please refer to 'Appendix A - How to request an Update to the Framework' for the process of requesting an update to the Framework.

Version control will be implemented for maintaining the framework. Whenever any changes are made, the preceding version shall be retired and the new version shall be published and communicated to all Member Organizations. For the convenience of the Member Organizations, changes to the framework shall be clearly indicated.