Run the whole group's compliance from one platform
Give every subsidiary its own isolated portal, with its own views, progress, and data. A root administrator switches between the parent and child organizations from one authorized account.
Every subsidiary is an island
The accountability sits with the group
The parent is accountable for GRC across its subsidiaries, while each subsidiary works in its own tools, files, and regulatory scope. So the group-level program runs on correspondence, meetings, and manually assembled spreadsheets.
One subsidiary is SAMA-supervised, another is in NCA scope. Each has its own frameworks, depending on its sector and activities.
A different tool or spreadsheet in every subsidiary means a different program in every subsidiary, with no consistent way of working.
When subsidiaries are managed out of shared files, what belongs to one entity mixes with what belongs to another.
Isolated for every entity Accessible through one authorized root account
A holding company and its subsidiaries run in HAKTIV as linked organizations. Each subsidiary gets its own isolated portal, with its own views, progress, and data, walled to itself. A root administrator has permission to switch between the parent and child organizations from one authorized account, running the program in each entity from one place, without one entity's data mixing with another's.
Every subsidiary has its own scope and its own frameworks
Each subsidiary activates the frameworks in its own scope: NCA frameworks, SAMA frameworks, PDPL, ISO/IEC 27001, or PCI DSS v4.0.1, depending on its sector and activities. And inside each entity, the Unified Control Library maps overlapping requirements to shared controls, so work is reused wherever the mapping applies.
One way of working, with every subsidiary's people taking part
Inside each entity, the GRC team runs its program in Org View, and employees take part through Employee View: acknowledging policy versions, answering questionnaires, and submitting evidence, in one auditable workflow per subsidiary. The group gets one consistent way of working, while each entity keeps its own data and its own record.
Isolation at the entity level, and data in the Kingdom
Each entity is isolated with its own data, with role-based access, segregation of duties, and full audit logging. For cloud deployments, customer and compliance data is hosted, stored, and processed in the Google Cloud Dammam region, with no processing or transfer outside the Kingdom of Saudi Arabia. A dedicated tenant or on-premises deployment is available depending on the group's requirements.
Book a demo for your group
A 30-minute walkthrough covering the parent and subsidiary model, isolation between entities, root-admin switching, and the frameworks in scope for each of your group's entities.
Book a demo