Our expert staff is standing by to answer your questions

Saudi Data Management and Personal Data Protection Standards

Saudi Data Management and Personal Data Protection Standard is a data security and management standard that applies to all government entities as well as all private organizations that handles the data of the public organizations.

The National Data Management Office (NDMO) as a national regulator of data has developed this standard. The purpose of this standard is to implement and govern effective data management practices across government entities and all business partners dealing with Government data.

This standard consists of 15 domains 77 controls and 191 specifications. The specifications are bifurcated into three priorities, i.e. P1, P2 and P3. The implementation of the specifications will be carried out in accordance with the said standard. For instance,

  • At the end of year 1: All specifications with priority 1 are implemented.
  • At the end of year 2: All specifications with priority 1 and priority 2 are implemented.
  • At the end of year 3: All specifications with priority 1, priority 2 and priority 3 are implemented.

The organisation will conduct the compliance assessment at the level of each specification and assigned the 100% to specifications that are fully implemented and 0% will be assigned that are either partially or not implemented.

Our professional experts possess expertise in order to deliver the effective and efficient services on a timely fashion. They will develop the project plan consisting on the following areas so as to deliver the desired services to client.

  • Performing Gap analysis
  • Conducting Risk Assessment
  • Performing Remediation Planning
  • Policy Documentation and Support
  • Training the Staff
  • Performing Internal Audit
  • Management Review
  • Assured Successful audit

GRC360 consultants have provided their professional services with regard to the said standards in a professional manner. Our consultants have provided a set of extensive reports, policies and procedure documents etc. to clients at the end of the project.