Brief on NCA ECC Compliance

The National Cyber Security Authority (NCA) of Saudi Arabia developed the Essential Cyber Security Controls (ECC) in 2018, after a comprehensive study of various national and international Cyber Security frameworks and standards. The NCA ECC was developed to ensure organizations maintain and support the Cyber Security initiative to protect the interests, national security, critical infrastructure, and government services. Its aim is to set minimum Cyber Security requirements for information and technology assets in organizations of Saudi Arabia. The control requirements are based on industry-leading practices intended to help organizations minimize Cyber Security risks. The Essential Cyber Security Controls (ECC) comprise:

1. 5 Cyber Security Main Domains.

2. 29 Cyber Security Sub-Domains.

3. 114 Cyber Security Controls.

The controls were developed after a comprehensive review of all legal and regulatory requirements, global Cyber Security best practices, and analysis of Cyber Security incidents and attacks on government establishments, and after considering the opinions of various prominent business firms of the country. In addition to the ECC standard, the National Cyber Security Authority of Saudi Arabia introduced the Critical Systems Cyber Security Controls (CSCC) in 2019. The NCA CSCC mandates the minimum Cyber Security requirements for critical systems within national organizations.




    Our Approach to NCA ECC Compliance

    Initial Kickoff

    We sit with your team to understand your business processes and the environment to accordingly consolidate the scope of Compliance.

    Scope Definition

    Taking into account all the relevant business, regulatory, and compliance requirements, our team helps in defining the scope for NCA ECC Compliance.

    Gap Assessment

    Our team of experts will assess the current state of your NCA ECC Compliance and identify gaps in security controls, systems, and the environment against Compliance requirements.

    Risk Assessment

    We conduct a comprehensive Risk Assessment based on the NCA ECC Cyber Risk Management Framework to identify areas that could possibly be exploited and result in a data breach.

    Risk Treatment Plan

    Our team develops effective Risk Treatment Plans to remediate the gaps and risks identified to acceptable levels. We can also assist you in developing and implementing a data breach management response that can blend with your existing Incident Response Plan.

    Policy & Procedure rollout support

    Our Security Analyst will help you build and roll out effective policies and procedures for your organization, in line with NCA ECC.

    User Training

    Our team of experts will conduct User Training programs for all personnel covered in scope on their specific Compliance responsibilities. Training materials for future use shall be provided.

    NCA ECC Compliance Audit

    After a reasonable gestation period, a separate team of qualified and experienced Auditors conducts a Pre-assessment of your setup to ensure all measures are implemented and to identify any deviations from the defined NCA ECC policies and procedures.


    Why work with VISTA InfoSec?

    Audit certificate and report released from the US for maximum market branding and acceptability of your organization.
    Vendor-neutral Consultancy & Advisory Service Company.
    Strict no Outsourcing Policy.
    Provide secure Cloud-based portal with two-factor authentication for reporting and progress tracking.
    Specialize in Risk Management, Compliance Solutions, and Consultancy Services.
    Focus on Cyber Resilience, Data Protection, and Cyber Security Solutions.
    Pragmatic Approach towards achieving Compliance.
    More than a decade of industry experience and expertise.

    Frequently Asked Questions on NCA ECC Compliance

    The National Cyber Security Authority (NCA) is Saudi Arabia’s competent national entity responsible for boosting Cyber Security and protecting vital interests, national security, and sensitive infrastructure.

    The National Cyber Security Authority (NCA) of Saudi Arabia introduced the Essential Cyber Security Controls to establish a strong security framework and ensure organizations maintain and support the Cyber Security initiative to protect the national security, critical infrastructure, high priority sectors, and government services.

    The NCA ECC applies to government organizations in Saudi Arabia, including ministries, authorities, establishments, companies, entities, and private sector organizations owning, operating, or hosting Critical National Infrastructures (CNIs).

    The Essential Cyber Security Controls consist of 5 Cyber Security main domains, 29 Cyber Security subdomains, and 114 Cyber Security controls. The ECC main domains are:
    • Cyber Security Governance
    • Cyber Security Defense
    • Cyber Security Resilience
    • Third-Party and Cloud Computing Cyber Security
    • Industrial Control Systems (ICS) Cyber Security

    Depending on the scope, a basic assessment including Gap Analysis should cost around $12,000 USD.
