SAMA Cybersecurity on AWS

SAMA Cybersecurity Framework on AWS, properly implemented.

SAMA-regulated entities (banks, FinTechs, payment service providers, insurers) must demonstrate maturity across the SAMA Cybersecurity Framework. We map SAMA control domains to specific AWS services and deliver evidence packs that survive SAMA inspection.

AWS Advanced Tier Partner
Google Cloud Partner
Red Hat Partner
ISO 27001:2022 Certified
ISO 9001:2015 Certified
Saudi Arabia · Banking
SAMA · L1 to L5 Maturity

Maturity, not checkbox compliance.

5 Maturity Levels · 4 Domains · 90+ Controls · Annual Inspection

"SAMA expects maturity. A bank at Maturity Level 2 can be audited as harshly as one at Level 4 if its evidence is weak. We engineer for the evidence, not just the checklist."
— HAZERCLOUD SAMA practice
SAMA on AWS.
SAMA framework structure

Four domains, five maturity levels.

The SAMA Cybersecurity Framework applies to all SAMA-regulated entities: banks, FinTechs, payment service providers, and insurers. It is structured around four domains (Cybersecurity Leadership and Governance, Cybersecurity Risk Management and Compliance, Cybersecurity Operations and Technology, Third Party Cybersecurity) and five maturity levels (Initial through Optimized).

The framework includes a specific cloud computing annex. SAMA expects regulated entities to demonstrate not just that they have controls, but that those controls are operating at a defensible maturity level.

Cloud workloads on AWS get extra scrutiny. SAMA requires evidence of cloud governance, third-party risk management for AWS itself, data residency arrangements, and operational continuity for cloud-dependent services.

SAMA Domains Mapped to AWS

Four domains, AWS-native implementations.

1. Leadership & Governance

AWS Organizations, AWS Control Tower, IAM Identity Center, AWS Config. Centralized policy enforcement across accounts.

2. Risk Management & Compliance

AWS Audit Manager, AWS Config rules, AWS Security Hub. Continuous compliance monitoring with SAMA-aligned controls.

3. Operations & Technology

AWS GuardDuty, AWS Inspector, AWS WAF, AWS Shield, KMS, CloudTrail. Layered defenses with SAMA-defensible logging.

4. Third Party Cybersecurity

AWS Artifact for AWS attestations. Vendor risk register for AWS itself. SAMA cloud annex compliance.

Our SAMA Engagement Process

Three phases to maturity uplift.

Maturity Assessment

Current state mapped to SAMA framework. Gap analysis. Target maturity level agreed with SAMA expectations.

Implementation

8 to 16 weeks. AWS architecture changes. Control implementations. Evidence collection automation.

Audit Readiness

Pre-inspection mock audit. Evidence pack assembled. SAMA-defensible documentation reviewed.

The Founder Commitment

Same AWS-certified specialist, discovery to handover.

The AWS-certified specialist on your discovery call leads the implementation team on your engagement. No bait-and-switch. No junior-led delivery. Six touchpoints I personally own: discovery call, architecture sign-off, weekly review, every material decision, every deliverable sign-off, and 30 days post-handoff.

Jobin Joseph, Founder & CTO, HAZERCLOUD INFOTECH LLP
AWS Security Specialty · 5× AWS Certified
SAMA Maturity Uplift

SAMA Cybersecurity on AWS.

30-minute call. Direct with the founder. One specific recommendation about your SAMA maturity gap and how AWS can close it.

AWS Advanced Tier Services Partner · ISO 27001:2022 · ISO 9001:2015 · 5× AWS-Certified Founder