SAMA Compliance Advisory Service is a NourNet grc services offering that provides governance, risk, and compliance advisory service to support alignment with SAMA regulatory requirements. The service is delivered using the commercial model “One-Time” and measured by “Service”. It can be combined with relevant NourNet cloud, connectivity, cybersecurity, data-center, managed and professional services to form an end-to-end solution. Final sizing, architecture, price, service levels and responsibilities are confirmed through the approved quotation and service schedule.
SAMA Compliance Advisory Service
Contact Sales
Governance, risk, and compliance advisory service to support alignment with SAMA regulatory requirements.
Service Information
- Unit
- Service
- Billing Model
- One-Time
- Minimum Contract
- One-time order or project engagement
- SLA
- Milestone-, deliverable- and response-based service levels defined in the statement of work
- Activation Time
- Project kickoff typically within 5–10 business days after purchase order and scope confirmation
- Region
- Saudi Arabia
- Data Residency
- Saudi Arabia
Key Features
- Structured assessment against the applicable framework or regulatory requirement
- Gap analysis, risk prioritization and actionable remediation roadmap
- Evidence, policy and governance support tailored to the customer environment
- Executive and technical reporting with clear ownership and recommendations
- Assessment against applicable SAMA cybersecurity requirements
- Prioritized compliance roadmap and evidence guidance
- Description
- Service Details
- Additional information
- Service Scope
- Prerequisites
- Exclusions
- Compliance
Service Details
SAMA Compliance Advisory Service is a NourNet grc services offering that provides governance, risk, and compliance advisory service to support alignment with SAMA regulatory requirements. The service is delivered using the commercial model “One-Time” and measured by “Service”. It can be combined with relevant NourNet cloud, connectivity, cybersecurity, data-center, managed and professional services to form an end-to-end solution. Final sizing, architecture, price, service levels and responsibilities are confirmed through the approved quotation and service schedule.
| Unit | Service |
|---|---|
| Billing Model | One-Time |
| Source Category | GRC Services |
| Region | Saudi Arabia |
| Data Residency | Saudi Arabia |
Service Scope
- Kickoff and stakeholder workshops
- Current-state assessment and evidence review
- Gap and risk analysis
- Recommendations, roadmap and agreed deliverables
Prerequisites
- Approved purchase order and final technical/commercial scope
- Authorized customer contacts and timely access to required information
- Completion of security, connectivity and access prerequisites
- Customer approval of the service design and responsibility matrix where applicable
- Named stakeholders and framework scope
- Availability of policies, evidence, risk records and process owners
Exclusions
- Items not explicitly listed in the contracted scope
- Third-party licenses, subscriptions or hardware unless specifically quoted
- Customer application changes, remediation or data cleansing unless included
- On-site activities, after-hours work or travel unless explicitly included
- Formal certification issuance by an independent certification body
- Implementation of remediation controls unless separately scoped
Compliance
- Framework mapping and compliance deliverables are limited to the contracted advisory scope
- Customer management retains accountability for risk acceptance and regulatory decisions
- Supports assessment and remediation planning against applicable SAMA cybersecurity requirements
