SAMA
Saudi Central Bank | All financial institutions | • Data must be stored within Saudi Arabia
• Annual security audit
• Emergency response plan
• Third-party risk management | • On-premises Class C cloud region deployment
• Pre-configured compliance checklist
• Automatic generation of audit evidence packages
• Supplier compliance assessment |
NCA
National Cyber Security Agency | critical infrastructure | • Class C certification (Restricted data)
• Implementation of cybersecurity framework
• Incident reporting system
• Personnel security review | • Class C certified environment provides
• Network security monitoring services
• Compliance incident response procedures
• Security training programs |
CITC
Communications and Information Technology Committee | Communication and cloud service providers | • Localization service requirements
• Service quality standards
• Consumer protection
• Technical standard compliance | • Local technical support center
• Service Level Target Agreement
• Arabic service documentation
• Standards compliance certification |
PDPL
Personal Data Protection Act | All companies that process personal data | • Data subject rights protection
• Restrictions on cross-border data transfers
• Data breach notification
• Privacy impact assessment | • Data classification and labeling schemes
• Cross-border data transfer protocols
• Establishment of a privacy management system
• Leakage detection and response |
