Compliance Frameworks
AIIA provides built-in support for Saudi and international regulatory frameworks, enabling compliance mapping, gap analysis, and continuous compliance monitoring.
Built-In Frameworks
| Framework | Description | Domain |
|---|---|---|
| NCA ECC | National Cybersecurity Authority — Essential Cybersecurity Controls | Cybersecurity |
| PDPL | Personal Data Protection Law (Saudi Arabia) | Data Privacy |
| CSCC | Cloud Security Compliance Certification | Cloud Security |
| SAMA CSF | Saudi Arabian Monetary Authority — Cyber Security Framework | Financial Services |
| ISO 27001 | Information Security Management System | Information Security |
| COSO | Committee of Sponsoring Organizations — Internal Control Framework | Internal Controls |
| COBIT | Control Objectives for Information and Related Technologies | IT Governance |
| SOX | Sarbanes-Oxley Act | Financial Reporting |
Key Capabilities
| Capability | Description |
|---|---|
| Framework Library | Pre-loaded regulatory frameworks with all controls |
| Control Mapping | Map internal controls to framework requirements |
| Gap Analysis | Identify unmet framework requirements |
| Compliance Scoring | Percentage-based compliance score per framework |
| Evidence Linking | Attach evidence to framework controls |
| Custom Frameworks | Build your own compliance frameworks |
| Assessment Tracking | Track compliance assessments over time |
| Reporting | Generate compliance status reports |
Compliance Workflow
Getting Started
- NCA ECC → — Saudi cybersecurity compliance
- PDPL → — Personal data protection
- CSCC → — Cloud security certification
- Custom Frameworks → — Build your own
- Gap Analysis → — Identify compliance gaps
Related Documentation
- Audit Universe — controls library maps to frameworks
- Findings — compliance findings
- Monitoring — continuous compliance monitoring