SAMA spotlight | ITGF | IT operations management

Kingdom of Saudi Arabia | 20 February 2023

In November 2021, the Saudi Central Bank (SAMA) issued a circular

on IT governance frameworks as part of its cybersecurity rules and
instructions - with four intertwined domains: IT governance and
leadership; IT risk management; IT operations management; and
systems change management.
SAMA's risk-based IT risk management ƒ Asset management
framework prescribes IT principles - a main ƒ Interdependencies
set of IT controls - and control requirements -
ƒ SLA management
mandated IT controls which provide additional
ƒ IT availability and capacity management
direction. Where control requirements cannot
be implemented, SAMA licensees are expected ƒ Data centre management
to apply compensating controls, formally ƒ Network architecture and monitoring
accept any ensuing risk and request a formal ƒ Batch processing
waiver from that control from SAMA. The IT
ƒ IT incident management
operations management domain includes 11
ƒ IT problem management
focus areas:
ƒ Data back up and reliability
ƒ Virtualisation

Principles/expectations
ƒ Accurate inventory provided by asset management process
ƒ Interdependencies for critical assets identified and managed
ƒ Contractual terms and conditions govern roles, relationships, obligations and responsibilities
Contact us:
of stakeholders
ƒ Business functions supported
Srikant Ranganathan
Senior Director ƒ Future performance and capacity requirements predicted
srikant.ranganathan@keypoint.com ƒ IT facilities and equipment protected from damage/unauthorised access
+966 50 063 8273
ƒ IT event management and network architecture controls protect network from unauthorised
access
Tom Gilbert
Director
ƒ Batch management process efficiently bulk processes automated tasks
tom.gilbert@keypoint.com ƒ IT incident management process identifies, responds and handles incidents and reports
+966 53 250 9866
relevant incidents to SAMA
ƒ Procedures to report IT problems defined to minimise impact
Darrshan Manukulasooriya
Senior Manager | IT Consulting
ƒ Data backup management strategy defined, approved and implemented
darrshan.m@keypoint.com ƒ Processes to create, distribute, store, use and retire virtualised images defined and managed
+966 55 395 1254
Work products and other outcomes:
Muhammad Nauman Chisty
Assistant Manager | IT Consulting
nauman.chisty@keypoint.com
+966 13 845 9237

Yusuf Nooruddin
Assistant Consultant | IT Consulting
yusuf.nooruddin@keypoint.com
+966 13 845 9232

www.keypoint.com Your success is our business