CCDS GRC & Consultation Services

GRC Services

The cyber security landscape is changing as it is becoming more crucial to the growth of organizations as a result of living in a world of rapid digital transformation. The traditional approach to cyber security does not align properly with current business goals and provide the appropriate level of assets’ protection.

To help organizations overcome these challenges, CCDS provides a wide range of governance risk and compliance (GRC) services including advisory, design and implementation services to meet the individual needs of each customer. These services range from establishing a strategic direction for your cyber security program to providing detailed technical evaluations of IT assets.

We use our high-level expertise in the field while working closely with our customers to provide best in class governance risk and compliance (GRC) services. Regardless of the maturity of your cyber security program, CCDS can help your organization improve its ability to deal effectively with cyber security challenges.

Saudi Local Framework

SAMA – Saudi Arabian Monetary Authority


NCA – National Cybersecurity Authority

The NCA is the government entity in charge of cybersecurity in Saudi Arabia and serves as the national authority on its affairs.

  • The Saudi Cybersecurity Workforce Framework (SCyWF)
  • The National Cryptographic Standards
  •  The Saudi Cybersecurity Higher Education Framework
  •  The National Policy for Managed Security Operations Centers
  •  The regulatory Framework for Licensing Managed Security Operations Center Services

CITC – Communication & Information Technology Commission

It is our responsibility to enable an innovative communications infrastructure, while ensuring that services provided within the Kingdom meet the accessibility, performance, fairness and value standards that we set.


The CCC Program was established to ensure all Saudi Aramco third parties are in compliance with the cybersecurity requirements in the Third Party Cybersecurity Standard (SACS-002).

Insurance Authority

The regulator for the insurance sector of the Kingdom of Saudi Arabia. Shaping a dynamic sector centred around:

  • Stability and financial soundness
  • Policyholder protection
  • Sector growth and development
  • Insurance awareness

International Framework

ISO – International Standard Organization

The International Organization for Standardization is an international standard development organization composed of representatives from the national standards organizations of member countries.
CCDS certifications  |  ISO 27001  |  IS0 27005  |  ISO 20000

Security Standard Council

The PCI Security Standards Council’s mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders.

NIST – National Institute of Standards & Technology

 NIST (National Institute of Standards and Technology) is a non-regulatory agency under the US Department of Commerce. Its primary role is to develop standards (particularly for security controls) that apply to various industries.