SAMA CSF · FREE MATURITY ASSESSMENT

Know exactly
where you stand.
In ten minutes. Free.

A self-service maturity assessment against the SAMA Cybersecurity Framework. Answer guided questions and get a complete, board-ready report — your overall score, a domain-by-domain breakdown, gap analysis, and a prioritized action plan.

SAMA CSF maturity report — overall maturity gauge with four domain scores
THE OLD WAY

Finding out where you stand used to mean weeks of consultant interviews and a five-figure invoice — just to get a baseline.

The SAMA Cybersecurity Framework spans four domains, twenty-three subdomains, and sixty-plus control areas. This tool turns that scope into a guided, ten-minute self-assessment anyone on your team can run — as often as you like.

  • 4 Domains
  • 23 Subdomains
  • 60+ Control areas
HOW IT WORKS

From first click
to full report.

  1. Tell us about your org

    Name, sector, and size — eight regulated categories from banking to fintech. A short setup, then straight into the assessment.

  2. Choose your depth

    A quick 23-question pulse, or a detailed control-by-control deep dive. Switch any time.

  3. Let it scope itself

    Six yes/no questions about your environment tailor the assessment to only what applies to you.

  4. Answer in plain language

    Pick the description that matches your reality. No jargon, no scoring math. Progress saves as you go.

  5. Get your report

    An interactive, presentation-ready dashboard appears the moment you finish.

THE PAYOFF

Not a score.
A plan you can act on.

The moment you finish, a complete, presentation-ready maturity report appears — six connected views that carry you from exactly where you stand to exactly what to do next.

01 · Overview

It opens with
your score.

Your overall maturity on a clean visual gauge, your level from Ad Hoc to Optimized, and an at-a-glance read on how all four framework domains scored — the whole picture, the instant you finish.

Overview — overall maturity gauge, maturity level badge, and four domain summary cards
  • Overall maturity gauge: A single, board-ready number out of 5.0.
  • Ad Hoc → Optimized: Your maturity level, named in plain language.
  • Four-domain summary: How each domain scored, side by side.
02 · Heatmap

Strengths and gaps,
lit up at a glance.

A colour-coded map of every assessed area. Green where you're strong, red where you're exposed — your weakest points jump out instantly, no reading required.

Exposed · Developing · Strong
Heatmap — colour-coded maturity across every assessed subdomain, red through green
03 · Gap Analysis

See the climb to
your target.

For every area, your current maturity sits against a realistic next-step target — and the whole list is sorted by the size of the gap, so the biggest opportunities are right at the top.

Third-Party L1 → L2 · Governance L2 → L3 · Operations L3 → L4
Gap Analysis — current maturity versus next-step target, sorted by gap size
04 · Recommendations

Know what to
fix first.

Specific, framework-aligned guidance for each area, tailored to your current level — filterable by priority, so the critical work rises straight to the top of the pile.

Critical · High · Medium · Low
Recommendations — framework-aligned guidance, filtered by priority
05 · Action Items

A report that becomes
a working plan.

Every recommendation turns into a prioritized, tickable checklist. Work through it, check items off, and watch a one-time assessment become an improvement plan you actually run.

  • Establish a formal cyber risk register
  • Define incident response roles & runbooks
  • Roll out access reviews across critical systems
Action Items — a prioritised, tickable checklist drawn from the recommendations
06 · Domain Details

Then drill into
any domain.

Expand any of the four domains to see every subdomain's score alongside the concrete steps to reach the next maturity level — the summary up top, the specifics underneath.

Domain Details — an expandable breakdown of every subdomain score and its next steps

Then export the whole report as a file, or print it to a polished PDF for your board, your leadership, or your auditors.

TWO MODES

A quick pulse, or an
audit-grade deep dive.

Detailed Assessment

40–67 questions · control by control

Two to three precise questions per subdomain with weighted scoring, for compliance prep and audits. Includes Smart/Guided scoping and Expert hand-picking.

  • Granular, weighted maturity scoring
  • Smart/Guided mode scopes it for you
  • Expert mode to pick exact domains
WHY IT'S DIFFERENT

Free. Private.
Built for SAMA.

Your data never leaves your device

Nothing you enter is ever sent to a server, stored in a database, or seen by anyone — your assessment data stays entirely with you. For a regulated financial institution, that privacy guarantee isn't a promise to trust; it's structural. Assess with complete confidence.

Free & instant

No cost, no sales call, no waiting. Get a professional-grade baseline whenever you want one — before an audit, after an investment, or to track progress quarter over quarter.

SAMA-native

Not a generic maturity model with a SAMA label. Every question, level, and recommendation was authored around the framework's real structure by Saudi compliance specialists.

An action plan, not just a score

Most assessments tell you where you are. This one tells you what to do next — in priority order, with a checklist you can actually work from.

Designed for real people

Plain-language questions, guided scoping, and clear visual results mean anyone on a security or compliance team can run a meaningful assessment — not only a seasoned auditor.

WHO IT'S FOR

For everyone measured against SAMA.

  • Banks & financial institutions
  • Insurers
  • Fintechs & payment providers
  • CISOs & security leaders
  • Compliance teams
  • Consultants & advisors
READY?

Know your SAMA maturity
by this afternoon.

It's free, it's private, and it takes about ten minutes — and you walk away with a board-ready picture of exactly where you stand.

Want it walked through? Book a demo or email talktous@graxoconsulting.com