Cyber Matterz

NCA ECC Compliance

The Essential Cyber Security Controls (ECC) were introduced by the National Cyber Security Authority (NCA) of Saudi Arabia in 2018. This framework was meticulously crafted following an in-depth analysis of various national and international Cyber Security Frameworks and Standards. The NCA ECC serves as a cornerstone in ensuring that organizations actively contribute to and uphold the Cyber Security initiative, safeguarding national interests, critical infrastructure, and government services. Its primary objective is to establish baseline Cyber Security requirements for information and technology assets across organizations in Saudi Arabia. Rooted in industry-leading practices, these controls aim to assist organizations in mitigating Cyber Security Risks effectively. The NCA ECC consists of the following:

1. 5 Cyber Security Main Domains.

2. 29 Cyber Security Sub-Domains.

3. 114 Cyber Security Controls.

These controls were formulated following a thorough examination of legal and regulatory requirements, global best practices in Cyber Security, analysis of incidents, and attacks on government establishments, considering perspectives from prominent business firms. In conjunction with the ECC Standard, the National Cyber Security Authority of Saudi Arabia introduced the Critical Systems Cyber Security Controls (CSCC) in 2019. The CSCC, mandated by the NCA, sets the minimum Cyber Security requirements for critical systems within national organizations.

Cyber Matterz Approach To NCA ECC Compliance

Initial study

Begin with an initial business analysis to grasp the intricacies of your card processes and the surrounding environment. Afterward, streamline the scope.

Scope Definition

Gain insight into your company's functions, controls, and systems to delineate the necessary scope (People, Process, and Technology).

Gap Analysis

Evaluate your organization against the NCA ECC to pinpoint areas that demand focus.

Awareness Training

Provide a concise NCA ECC Awareness Training session for your organization.

Asset Classification

Recognize your vital information assets and categorize them accordingly, establishing a distinct inventory of assets.

Risk Assessment

Undertake a comprehensive risk assessment to uncover vulnerabilities and deficiencies that may pose a threat to your organization's business-critical assets.

Risk Treatment

Our specialists will prioritize the identified risks and support you in devising suitable measures for risk treatment.

Documentation Support

We aid in developing policy and procedure documents, incorporating input and validation from your team.

Policy rollout support

Our process and technical team will work closely with your team to support the implementation of NCA ECC and associated policy rollouts.

Rollout User Training

Implement a user training initiative on specific NCA ECC responsibilities for all personnel within the defined scope, accompanied by provided training materials.

Pre-Assessment

An independent team of specialists performs a preliminary evaluation of your setup and assesses the implemented measures after a reasonable incubation period.

NCA ECC Compliance Audit

Following a reasonable gestation period, a dedicated team of qualified and experienced auditors carries out a pre-assessment of your infrastructure. This ensures the implementation of all measures and identifies any deviations from the established policies and procedures outlined by the NCA ECC.

Continual support

If required, we offer continuous support through Managed Compliance Services to help your organization maintain its certified status.

Why Cyber Matterz?

  • Issuing audit certificates and reports for enhanced organizational market branding and acceptance.
  • Providing a secure cloud-based portal with two-factor authentication for reporting and progress tracking.
  • Operating as a vendor-neutral consultancy and advisory service company.
  • Strictly adhering to a no outsourcing policy.
  • Specializing in risk management, compliance solutions, and consultancy services.
  • Focusing on areas such as cyber resilience, data protection, and cybersecurity solutions.
  • Employing a pragmatic approach to ensure compliance.
  • Backed by over a decade of industry experience and expertise.


NCA ECC, CCC, OTCC, OSMACC, DCC Compliance