Axidian recently hosted a webinar for security and IT leaders in Saudi Arabia, focused on one of the most important topics for financial organizations in 2025 — compliance with the Saudi Arabian Monetary Authority (SAMA) Cyber Security Framework.
The session gathered professionals from across the banking, insurance, and finance sectors — all working toward the same goal: achieving cyber resilience and audit-readiness.
We presented our approach to SAMA compliance that targets cyber security maturity level 3 and above — as defined in the Framework. Reaching this level means that an organization has defined, approved, and implemented cybersecurity controls. It also monitors compliance with its cybersecurity documentation to ensure that security practices are consistently followed and improved over time.
SAMA Cybersecurity Framework: what to focus on in 2026
The framework, developed by SAMA, aims to strengthen the Kingdom’s financial sector against cyber threats. It defines four domains, 32 subdomains, and 249 controls — each representing a key step toward cybersecurity resilience and regulatory compliance.
During the session, Georgy Ovanesyan, CEO at Axidian, ISMS Lead Auditor ISO/IEC 27001, and Anna Surovova, Global Sales Director, presented a practical roadmap for organizations seeking to align with SAMA requirements. The discussion covered:
- How to interpret and prioritize controls across the 4 domains of SAMA CSF.
- How to reach maturity level 3 using an achievable and measurable approach.
- How to automate identity security using Axidian Access, Axidian Privilege, and Axidian CertiFlow.
- How identity and access management solutions support continuous compliance and reporting.
Attendees also received practical checklists to help prepare for upcoming SAMA audits and reduce manual effort during control verification.
How Axidian solutions support SAMA compliance
Axidian solutions help organizations cover multiple domains of the SAMA Cyber Security Framework:
- Axidian Privilege (PAM) — provides centralized privileged access control, session monitoring, and account discovery, supporting several SAMA control areas such as access management, monitoring, and audit readiness.
- Axidian Access (IAM) — enables strong authentication, SSO, and MFA for internal and remote access, ensuring compliance with authentication and identity verification controls.
- Axidian CertiFlow — automates certificate lifecycle management and management policies for PKI tokens, helping organizations maintain crypto security compliance across endpoints and networks.
By combining these solutions, companies can secure access to critical resources, simplify audit reporting, achieve and maintain compliance across hybrid and multi-cloud infrastructures.
Missed the session?
Watch the recording to explore how Saudi financial organizations can streamline SAMA compliance using identity security solutions from Axidian. The webinar includes practical examples, implementation tips, and answers from our experts.
Axidian has also developed a practical SAMA compliance guide — focused on implementation, not theory. It’s available upon request, together with the checklist and webinar recording to help your team optimize the time and processes related to compliance and audits.
