GRC Services

GRC & Consultation Services


The cyber security landscape is changing: in a world of rapid digital transformation, cyber security is becoming more crucial to the growth of organizations. The traditional approach to cyber security does not align properly with current business goals or provide the appropriate level of asset protection.

To help organizations overcome these challenges, CCDS provides a wide range of governance, risk and compliance (GRC) services, including advisory, design and implementation services, to meet the individual needs of each customer. These services range from establishing a strategic direction for your cyber security program to providing detailed technical evaluations of IT assets.

We use our high-level expertise in the field while working closely with our customers to provide best-in-class governance, risk and compliance (GRC) services. Regardless of the maturity of your cyber security program, CCDS can help your organization improve its ability to deal effectively with cyber security challenges.

Saudi Local Framework

SAMA – Saudi Arabian Monetary Authority
SAMA CSF | SAMA CTI | SAMA IT GOVE | SAMA PHYSICAL SECURITY | SAMA BCP
NCA – National Cybersecurity Authority

The NCA is the government entity in charge of cybersecurity in Saudi Arabia and serves as the national authority on its affairs.

The Saudi Cybersecurity Workforce Framework (SCyWF) | The National Policy for Managed Security Operations Centers | The National Cryptographic Standards | The Regulatory Framework for Licensing Managed Security Operations Center Services | The Saudi Cybersecurity Higher Education Framework
CITC – Communication & Information Technology Commission

It is our responsibility to enable an innovative communications infrastructure, while ensuring that services provided within the Kingdom meet the accessibility, performance, fairness and value standards that we set.

ARAMCO SACS-002

The CCC Program was established to ensure all Saudi Aramco third parties are in compliance with the cybersecurity requirements in the Third Party Cybersecurity Standard (SACS-002).

Insurance Authority

The regulator for the insurance sector of the Kingdom of Saudi Arabia. Shaping a dynamic sector centred around:

Stability and financial soundness | Sector growth and development | Policyholder protection | Insurance awareness

International Framework

ISO – International Standard Organization

The International Organization for Standardization is an international standard development organization composed of representatives from the national standards organizations of member countries.

CCDS certifications | ISO 27001 | ISO 27005 | ISO 20000

Security Standard Council

The PCI Security Standards Council’s mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders.

NIST – National Institute of Standards & Technology

NIST (National Institute of Standards and Technology) is a non-regulatory agency under the US Department of Commerce. Its primary role is to develop standards (particularly for security controls) that apply to various industries.