NCA Cloud Cybersecurity Controls (CCC)

The Saudi Cloud Cybersecurity Controls (CCC) law is a regulation implemented by the National Cybersecurity Authority (NCA) of the Kingdom of Saudi Arabia to enhance cybersecurity measures in cloud computing environments. The law aims to protect sensitive data and ensure the privacy and security of individuals and organizations operating within the Kingdom.

Sysprove Consulting has been assisting a number of organisations in meeting the CCC requirements. Our experience in working with multiple organisations in KSA including the oil & gas industry, financial sector, manufacturing, supply chain & logistics, education, etc. has provided us with insights on the requirements as well as the basis to align with the controls.

Our approach follows the regulation’s needs with the addition of information security requirements necessary for the organisation that complement the CCC regulation. Sysprove has extensive experience in defining cybersecurity programs based on NIST CSF, SABSA, ISO 27001, HIPAA, GDPR, PDPL, FISMA, SOC2, and CIS.

Our Methodology

Understand the context of the organisation

Perform a gap analysis against the CCC controls.

Create a plan to close the gaps

Implement the plan by creating the required documentation

Support the organisation in the implementation process

Perform an internal audit against the implemented controls to ensure compliance

Support closing of findings

For details on the Saudi Cloud Cybersecurity Controls (CCC) refer to the official document released by NCA.

Previous Next
Test Caption
Test Description goes like this