Free Introductory Session
A consultative conversation — not a scored assessment — to review your program at a high level and recommend next steps.
Organizations exploring where to start

Is your organization ready to deliver on Vision 2030 — securely, and with trustworthy AI? An independent, standards-based answer to where you stand today, and a clear, prioritized path forward.
Senior international cyber & AI practitioners with track records in leading Western enterprises and global standards bodies — hands-on experience with ISO/IEC 27001, NIST CSF 2.0, the NIST AI Risk Management Framework, OWASP, and MITRE ATT&CK / ATLAS.
Saudi national professionals with current, practitioner-level command of the Kingdom's own regulatory regime — NCA, ECC, SDAIA, SAMA, and CST.
Every engagement pairs these two skill sets on the same workstreams — so findings are simultaneously benchmarked internationally and defensible in front of a Saudi regulator.
A consultative conversation — not a scored assessment — to review your program at a high level and recommend next steps.
Organizations exploring where to start
A structured self-assessment questionnaire across all 18 domains, validated in a half-day workshop, scored at the domain level. No technical testing or deep AI model testing.
A fast, budget-conscious readiness pulse-check
The full methodology — document review, 30–50 interviews, technical validation, AI model risk testing, full regulatory gap mapping.
An audit- and regulator-ready baseline for board, investor, or tender scrutiny
The free session and Basic Assessment are accessible entry points — not a substitute for the full Comprehensive Assessment. If a Basic Assessment surfaces material risk, we'll tell you plainly and recommend moving to the full program.
Scoping workshop and evidence request.
Interviews, technical validation, document review.
Scoring against our maturity model and regulatory mapping.
Prioritized, resourced roadmap.
Executive presentation and full report.
NCA Essential Cybersecurity Controls (ECC-2), NCA Critical Systems Cybersecurity Controls (CSCC), NCA Cloud Cybersecurity Controls (CCC), NCA Data Cybersecurity Controls (DCC), SAMA Cyber Security Framework, PDPL & Implementing Regulations, SDAIA AI Ethics Principles & Generative AI Guidelines, National Strategy for Data & AI (NSDAI), CST cybersecurity regulations.
ISO/IEC 27001, 27701, 22301, 42001, 23894, 38507 · NIST Cybersecurity Framework 2.0 · NIST AI Risk Management Framework · CIS Controls v8 · MITRE ATT&CK & ATLAS · OWASP Top 10 & Top 10 for LLM Applications · COBIT 2019 · CSA Cloud Controls Matrix · SOC 2.
Every finding and recommendation is traceable to a named standard or regulatory control — ready to use as audit evidence, board reporting, or regulator submission.
No cost. No obligation. 45–60 minutes with the Office of the CISO.