Practitioner's guides

Kevala Guides

Plain-English FAQs for the regional frameworks Kevala ships out of the box. Each one answers the questions compliance and security teams actually ask, grounded in the official source text.

Written for practitioners, not lawyers. No marketing, no jargon: scope, who must comply, the obligations, the assessment process, and how each framework overlaps with the others so you can assess once and reuse.

Cybersecurity

NCA ECC FAQ

Saudi Arabia's Essential Cybersecurity Controls: who must comply, how the framework is structured, the assessment process, and reuse with ISO 27001 and SOC 2.

Read the FAQ

Financial sector

SAMA CSF FAQ

The Saudi Central Bank's Cyber Security Framework: who must comply, the maturity model, self-assessment and audit, and reuse with ISO 27001 and PCI.

Read the FAQ

Data protection

PDPL FAQ

Saudi Arabia's Personal Data Protection Law: scope and extraterritorial reach, lawful bases, data subject rights, cross-border transfer, and breach notification.

Read the FAQ

Need a framework we do not have a guide for yet? Kevala still supports it out of the box or as a custom import. Talk to us.