Frameworks and regulatory requirements

The Saudi and international frameworks HAKTIV supports

Structured, pre-mapped controls instead of a blank sheet. Activate what applies, then reuse work across overlapping requirements.

Cross-framework reuse

With the Unified Control Library, one control, and its evidence, can count across several of these frameworks where the mappings apply.

See cross-framework reuse in a demo
NCA frameworks

NCA frameworks, pre-mapped and ready to activate

Run the NCA frameworks in your scope as a structured program, with ownership, evidence, and remediation in one connected system.

Who it applies to

Entities within the NCA's defined national scope; which frameworks apply depends on your sector, activities, and infrastructure.

What HAKTIV currently supports
ECCDCCTCCCSCCCCCOSMACCOTCC
Cross-framework reuse

One shared control carries its evidence and status across NCA, SAMA, ISO/IEC 27001, and PCI DSS mappings, so you never collect the same proof twice.

See the NCA frameworks in a demo
Org View · NCA ECC controls
Activated
ControlRequirementOwnerStatus
1-4-1Cybersecurity roles and responsibilitiesCISO officeImplemented
2-2-3Privileged access managementIT InfrastructurePartially
2-9-1Backup and recovery managementIT OperationsImplemented
3-1-3Cybersecurity resilience in BCMBusiness ContinuityNot implemented
Evidence submitted through Employee View · reviewed in Org Viewaudit-logged
How controls are structured

Each framework is broken into its controls, with implementation status, assigned owners, and linked evidence. Your team tracks progress per control and per framework in Org View.

How evidence and ownership work

Control ownership is assigned to the people and departments who hold the proof. They submit evidence through Employee View; the GRC team reviews it in Org View. Every file is versioned and audit-logged, and separation of duties is enforced, so the uploader cannot approve their own evidence.