SAMA
Discover, protect and securely erase sensitive data – meeting SAMA's Cyber Security Framework requirements across Saudi Arabia's financial sector.
Meet SAMA’s Data Protection Requirements with Jetico’s Solutions
The Saudi Central Bank, formerly known as the Saudi Arabian Monetary Authority and still referred to by the acronym SAMA, introduced the Cyber Security Framework in 2017. The framework guides financial institutions on protecting information assets and online services across the Saudi financial sector.
Before sensitive data can be protected or erased, it must first be located. A practical SAMA strategy starts with data discovery, then applies encryption to data that must be retained and secure wiping when data is no longer needed.
SAMA Data Wiping
- Wiping practices are covered in Section 3.3.11 “Secure Disposal of Information Assets”.
- The SAMA Cyber Security Framework mandates that organizations securely dispose of information assets when they are no longer needed—review all SAMA wiping requirements.
- To help your organization with SAMA compliance, we offer BCWipe to wipe selected files and folders and BCWipe Total WipeOut to erase entire hard drives.
SAMA Encryption
- Section 3.3.9 of the SAMA regulations states: “The use of cryptographic solutions within the Member Organizations should be defined, approved and implemented.”
- Encryption is one of the primary cryptographic measures organizations can implement to protect data – review SAMA encryption requirements.
- To help your organization with SAMA compliance, we offer BestCrypt Container Encryption to safeguard files and folders and BestCrypt Volume Encryption to protect entire hard drives.
Data Discovery & Classification – Your First Step to SAMA Compliance
How Jetico Maps to SAMA Cyber Security Framework Controls
Jetico’s solutions support specific SAMA Cyber Security Framework control considerations across secure disposal and cryptography of information assets.
Secure Disposal of Information Assets – SAMA Section 3.3.11
| SAMA Control Considerations | BCWipe Solutions |
|---|---|
| “Information assets should be disposed in accordance with legal and regulatory requirements when no longer required (i.e., meeting data privacy regulations to avoid authorized access and (un)intended data leakage).” | BCWipe Total WipeOut and BCWipe comply with U.S. Department of Defense (DoD 5220.22-M), U.S. Department of Energy (DoE M 205.1-2) and other recognized wiping standards. BCWipe Total WipeOut securely erases the contents of hard drives and SSDs beyond recovery, while BCWipe protects against data spills and accidental release of information. |
| “Sensitive information should be destroyed using techniques to make the information non-retrievable (e.g., secure erase, secure wiping, incineration, double crosscut, shredding).” | Jetico’s BCWipe applies secure data wiping that shreds the contents of files and disk space – including data remanence – beyond forensic recovery, supporting good cyber hygiene practice. |
| “The Member Organization should ensure that third-party service providers used for secure disposal, transport and storage comply with the secure disposal standard and procedure, and the effectiveness is periodically measured and evaluated.” | IT asset disposition vendors (ITADs) can deliver complete data removal from IT assets using ADISA-certified BCWipe Total WipeOut before recycling, resale or destruction of hard drives. |
Cryptography – SAMA Section 3.3.9
| SAMA Control Considerations | BestCrypt Solutions |
|---|---|
| The use of cryptographic solutions within the Member Organizations should be defined, approved and implemented. | BestCrypt Volume Encryption protects entire hard drives on laptops, desktops and external devices, while BestCrypt Container Encryption secures specific files and folders on shared workstations and network environments. Both solutions support centrally defined and approved deployment across Saudi financial institutions. |
| The cryptographic security standard should include an overview of the approved cryptographic solutions and relevant restrictions (e.g., technically, legally). | BestCrypt implements a wide range of industry-standard algorithms – AES, RC6, ARIA, Twofish and Camellia – each at the maximum key size allowed by the algorithm’s specifications. Member Organizations can select the algorithms approved by their internal cryptographic standard. |
| The cryptographic security standard should include the management of encryption keys, including lifecycle management, archiving and recovery. | Jetico’s BestCrypt solutions support key lifecycle management, including secure key generation, archiving and centralized key recovery in case of emergency or forgotten password. |
Compliant with Leading Data Erasure & Security Standards
With Jetico, You Can
Jetico helps you discover where sensitive data resides, protect it while it’s needed and securely erase it when it’s no longer required – supporting every stage of the data lifecycle SAMA expects you to control.
About SAMA Compliance
All financial institutions regulated by SAMA are responsible for complying with the Cyber Security Framework, including:
- Banks
- Insurance companies
- Finance companies
The Cyber Security Framework defines requirements across cybersecurity governance, risk management, incident response and operational controls including encryption, secure data disposal and access management. The framework applies to all member organizations regulated by SAMA, regardless of size, and is enforced through periodic assessments.
Be sure to check out our other blogs covering compliance strategies and best practices, and learn how to meet data wiping and encryption guidelines for SAMA compliance.