Overlapping frameworks
One program
Financial institutions supervised by the Saudi Central Bank manage overlapping requirements at once: SAMA's Cyber Security and Business Continuity frameworks, PCI DSS v4.0.1 for payments, ISO/IEC 27001 as a baseline, and PDPL where personal data is in scope. HAKTIV maps overlapping requirements to shared controls, and the people who actually hold the evidence take part in the work.
Same control, same evidence, more than once
When every framework runs as its own project, the same control gets evidenced two and three times, and the same departments get asked for the same proof every cycle. The overlap that should save work multiplies it.
The SAMA assessment, the PCI DSS validation, and the ISO/IEC 27001 audit run as separate tracks, even though their requirements overlap.
The people who run the systems hold the proof, while the GRC team is accountable for collecting and reviewing it every time.
A maturity assessment, an annual validation, and an external audit each reopen the same files.
SAMA Cyber Security and Business Continuity, as structured controls
Activate what is in scope for your institution, assign control ownership, and track implementation, evidence, and remediation in one place, with status per control and per framework.
See the SAMA frameworks we supportOne control across SAMA, PCI DSS, and ISO/IEC 27001
The Unified Control Library maps overlapping requirements to shared controls and keeps a shared control's evidence, tasks, and status connected across the frameworks it is mapped to. One access-control evidence package may support corresponding requirements across SAMA CSF, PCI DSS v4.0.1, and ISO/IEC 27001 where the mappings apply, so the same proof is not collected twice.
See cross-framework reuse in a demoCompliance does not stop at the compliance department
In Org View, the GRC team runs policies, risk, controls, and evidence. In Employee View, the rest of the institution takes part, from IT to operations to HR, without navigating a specialist GRC interface. Every response returns to one auditable workflow, with segregation of duties enforced by the system.
Your institution's risk methodology, as it is, inside the platform
Financial institutions have established risk methodologies, and HAKTIV adapts to yours rather than imposing a preset matrix. Configure the factors, formulas, ranges, control effectiveness, and asset values, collect input through Employee View, route assessments to the risk owner for approval, and track treatment and evidence in one register.
Tenant isolation, and data that stays in the Kingdom
HAKTIV enforces tenant isolation, with encryption in transit and at rest and audit logging at the infrastructure and application levels. For cloud deployments, customer and compliance data is hosted, stored, and processed in the Google Cloud Dammam region, with no processing or transfer outside the Kingdom of Saudi Arabia. A dedicated tenant or on-premises deployment is available for institutions that require it.
Book a demo built around your frameworks.
A 30-minute walkthrough covering SAMA frameworks, PCI DSS v4.0.1, and ISO/IEC 27001 on shared controls, department participation through Employee View, and your risk methodology.
Book a demo