Scenario: NCA ECC Compliance Assessment
This walkthrough demonstrates how to conduct a compliance assessment against the Saudi National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC).
Scenario Context
Your organization needs to assess compliance with NCA ECC 2024. The IT Audit team will evaluate all 114 controls across 5 domains.
Step 1: Set Up the Framework
- Navigate to Compliance → Frameworks
- Click NCA ECC (pre-loaded)
- Review the 5 domains and 114 controls
- Click Start Assessment
Step 2: Create the Engagement
- Navigate to Engagements → + New → Use Wizard
- Select type: Compliance
- Link to: NCA ECC framework
- AI generates scope covering all 5 domains:
- Cybersecurity Governance
- Cybersecurity Defense
- Cybersecurity Resilience
- Third-Party Cybersecurity
- Cloud Computing Cybersecurity
Step 3: Execute Testing
For each NCA ECC control:
- Open the control in the compliance framework view
- Click Create Workpaper for the control
- AI suggests test procedures based on the control requirement
- Execute the test procedure
- Rate compliance: Compliant, Partially Compliant, Non-Compliant
- Upload supporting evidence
Step 4: Gap Analysis
- Navigate to Compliance → NCA ECC → Gap Analysis
- View the compliance heatmap showing:
- ✅ Compliant controls (green)
- ⚠️ Partially compliant controls (amber)
- ❌ Non-compliant controls (red)
- AI generates a gap analysis summary highlighting critical gaps
- Create findings for each non-compliant control
Step 5: Generate Compliance Report
- Navigate to Reports → + New → Compliance Report
- Select framework: NCA ECC
- AI generates:
- Overall compliance percentage
- Domain-by-domain breakdown
- Critical gaps with remediation recommendations
- Action plan timeline
- Export as branded PDF for NCA submission
Result
| Metric | Value |
|---|---|
| Total Controls | 114 |
| Compliant | 87 (76%) |
| Partially Compliant | 19 (17%) |
| Non-Compliant | 8 (7%) |
| Findings Created | 27 |
| Remediation Actions | 27 |