KSA Financial Sector

SAMA CSF Compliance — Built for Saudi Financial Institutions

The Saudi Arabian Monetary Authority Cyber Security Framework is mandatory for every bank, insurer, and financial institution in the Kingdom. Sentinel Unity covers all SAMA CSF domains with purpose-built TPRM, cyber risk, and governance modules.

Issued by: Saudi Arabian Monetary Authority (SAMA) • Applies to: Banks, Insurance, Finance Companies

5 Domains • Required Vendor Risk • Annual Assessment • Financial Sector Only

Framework Domains

Five SAMA CSF domains — fully covered

01. Cyber Security Leadership & Governance (14 Controls)

Board-level cybersecurity governance, CISO role, strategy, and reporting obligations.

02. Cyber Security Risk Management (10 Controls)

Risk appetite, risk assessment processes, and risk treatment aligned to financial sector threats.

03. Cyber Security Operations & Technology (22 Controls)

The largest domain, covering identity, network, endpoints, logging, and security monitoring.

04. Third-Party Cyber Security (8 Controls)

Vendor tiering, due diligence, contractual security obligations, and ongoing monitoring.

05. Cyber Security Resilience (6 Controls)

Incident response, disaster recovery, and business continuity for financial operations.

Vendor Risk

SAMA's third-party cybersecurity obligations

SAMA places significant obligations on financial institutions to assess and manage cybersecurity risk in their vendor relationships.

Vendor Classification

All vendors must be risk-tiered based on data access, operational criticality, and regulatory exposure.

Pre-Engagement Due Diligence

Security questionnaires, ISO certificates, and penetration test reports required before vendor onboarding.

Contractual Security Clauses

Right to audit, breach notification timelines, and minimum security standards in all vendor contracts.

Periodic Reassessment

Annual or bi-annual security questionnaires and continuous monitoring of vendor risk posture.
