How to Comply with SAMA Encryption Requirements

22 Sep 2020 | Michael Waksman

Do you know about the new regulations introduced by the Saudi Arabian Monetary Authority (SAMA)? If your company or organization is based in Saudi Arabia, then you should! Here you will learn what are the SAMA regulations and what they have to say about 'Cryptography'. We will then share 3 steps on how you can build a successful strategy to comply with SAMA encryption requirements. 

Cryptography chart screenshot

 SAMA in a Nutshell

  • When?
    The SAMA regulations were passed in May 2017.
  • What?
    The regulations are laid out in the Cyber Security Framework that was released by the Saudi Arabian Monetary Authority (SAMA). Objectives of the framework:
    1.  Create a common approach for addressing cyber security. 
    2.  Achieve an appropriate maturity level of cyber security controls. 
    3.  Ensure cyber security risks are effectively managed. 
  • Who?
    The SAMA regulations are mandatory to follow for all financial institutions that operate in Saudi Arabia, including: 
    - Banks
    - Insurance and reinsurance companies
    - Financing companies
    - Credit bureaus
    - The Financial Market Infrastructure


What Does SAMA Say about Encryption Requirements?

In short, the SAMA regulations state that cryptographic solutions must be defined, approved, and implemented by member organizations. Companies must also take responsibility for the management of encryption keys, as well as lifecycle management, archiving, and recovery. The image below provides a closer look at what the regulations say about encryption.

SAMA encryption requirements screenshot

Prepare for SAMA Compliance

Complying with SAMA encryption requirements doesn’t have to be difficult. Just follow these 3 steps and make sure that your organization is compliant both now and in the future. 

1. Understand where your data resides
First, make sure you know where your data is saved. Monitor your data flow and keep track of where your information is stored, as well as how it’s being accessed and shared. Awareness of where your data is located will make it simpler to set up an encryption plan that takes all of your data into consideration. 

2. Classify and get organized
Build a data inventory by arranging your information in order of importance and risk. You should also consider putting someone in charge of data protection. Having a member of the team that’s formally dedicated to data protection will let your customers (and compliance officers) know that you are committed to protecting their sensitive information. 

3. Use the right tools
What kind of data do you need to encrypt? Answering this question will help you decide what type of encryption software your company should use. For example, if you want to make sure your data is secure if one of your devices is stolen or lost, you should use whole disk encryption to protect complete hard drives. Then again, if you want to protect a device that’s in use, you should invest in software that encrypts selected files. Finally, if you are concerned about data in transit, you should use an application that provides end-to-end encryption.  

How Encryption Works

The best encryption solution for your organization is a complete data protection program. Data encryption makes use of advanced algorithms to scramble your sensitive information into random characters. Only by using a personalized key, also known as password, are you able to convert your data back into the original text. 

Want to learn more about encrypting data and how encryption works? Check out our ultimate guide

Michael Waksman Jetico CEO bio image
Michael Waksman

Michael Waksman has been serving as CEO of Jetico since 2011, more than doubling the size of the company during his tenure. He brings more than 20 years of communications, technology and leadership experience.

At Jetico, Waksman has lead creation of the corporate identity, raising global brand awareness, building a more commercially-driven team and initiating enterprise customer relations. Jetico has maintained a wide user base throughout the U.S. Defense community, in the global compliance market and for personal privacy.

Waksman served as vice-chairman of the Cyber Group for the Association of Finnish Defense and Aerospace Industries. Recognized as a security and privacy advocate, he is a frequent speaker at international events, occasionally on behalf of the Finnish cyber security industry. In 2012, Waksman was honored with The Security Network's Chairman's Award for fostering collaboration between the United States and Finland. As dual citizen, he is a native New Yorker and has been living in the Helsinki region for over 15 years.

View all blog posts

Thank you for contacting Jetico!
We will respond to you as soon as possible.

Send us a message - we'll reply within 24 business hours.

Need help now? Call
US: 202 742 2901 EU: +358 9 2517 3030