Every Compliance Framework.
Mapped, assessable, and current.
780+ SAMA, NCA, PDPL and ISO 27001 controls pre-loaded with evidence templates, ownership workflow and submission-ready reporting. Built and supported from Riyadh and Dammam.
- 780+
- Saudi & international controls mapped
- 4
- Live framework reference pages
- 6
- Free readiness assessments
- 100%
- Saudi-first · Riyadh + Dammam
Saudi & international frameworks — 4 live, more coming
Essential Cybersecurity Controls (ECC – 2 : 2024)
108 controls · 232 nodes · the Saudi cybersecurity baseline.
Critical Systems Cybersecurity Controls (1 : 2019)
85 hardened controls layered on top of ECC for critical systems.
Cyber Security Framework (1.0)
250 controls assessed on a 5-level maturity model for the financial sector.
Business Continuity Management Framework
75 BCM, BIA, DRP and cyber-resilience controls for SAMA-supervised entities.
Information Security Management Systems (2022)
93 Annex A controls plus management system clauses.
Service Organization Control 2 (Trust Services Criteria)
AICPA Trust Services Criteria — security, availability, confidentiality, integrity, privacy.
Payment Card Industry Data Security Standard (v4.0)
12 requirements for any entity handling cardholder data.
Personal Data Protection Law (Saudi Arabia)
Lawful basis, DPO, RoPA, breach notification (72h to SDAIA).
One platform, four disciplines
Evidence collected against any one discipline counts toward every framework it satisfies — the Unified Control Framework removes the duplicate-evidence work that defines spreadsheet-based GRC.
Compliance
780+ Saudi & international controls pre-mapped. SAMA, NCA, PDPL, ISO, SOC, PCI.
Risk Management
ISO 27005-aligned risk register, inherent/residual scoring, KRIs, treatment plans.
Business Continuity
SAMA BCM + ISO 22301 lifecycle — policy, BIA, DRP, exercises, lessons learned.
Audit Management
IIA-aligned internal audit universe, working papers, findings, QAIP.
Saudi-first, not Saudi-translated
Saudi-built framework engine
Every SAMA, NCA and PDPL control is pre-loaded with the canonical reference ID, not adapted from a US framework template. Inspectors see the structure they recognise.
Bilingual interface
Full Arabic + English coverage across the workspace, documentation and reporting. Audit packs export bilingual by default for the Saudi regulator audience.
Riyadh + Dammam delivery
Implementation, onboarding and inspection-readiness work delivered locally. Data residency available inside Saudi Arabia for PDPL and SAMA Outsourcing Regulations.
- 780+
- Saudi & international controls
- 4
- Live framework references
- 6
- Free readiness assessments
- 100%
- Saudi-built · Riyadh + Dammam
See your compliance posture against every Saudi regulator — in one workspace.
Book a 30-minute call with the GRC Vantage team in Riyadh or Dammam, or start with a free readiness assessment — no signup, instant score, prioritised remediation roadmap.