Free Tool

Compliance Score Calculator

Answer 8 questions and get your estimated NCA ECC & SAMA CSF compliance score — plus a gap analysis.

QUESTION 1 OF 8

Do you have a documented Information Security Policy approved by senior management?

Yes — fully documented, approved and communicated to all staff

Partially — exists but not formally approved or distributed

No — not in place

QUESTION 2 OF 8

How mature is your Risk Management process?

Formal risk register, regular reviews, risk owners assigned

Ad-hoc risk assessments, no formal register

Minimal — risks identified only during incidents

No formal risk management process

QUESTION 3 OF 8

Do you perform regular vulnerability assessments and penetration testing?

Yes — quarterly or more, by certified testers, findings tracked

Annual assessments only

Occasionally, no structured process

Never performed

QUESTION 4 OF 8

How is access to sensitive systems controlled?

Role-based access control, MFA enforced, quarterly access reviews

Basic access controls, some MFA, infrequent reviews

Passwords only, no formal access review process

Minimal or no access controls

QUESTION 5 OF 8

Do you have a formal Incident Response plan?

Yes — documented, tested annually, team trained

Documented but never tested

Informal process, not documented

No incident response plan

QUESTION 6 OF 8

How is cybersecurity awareness handled for employees?

Mandatory training, phishing simulations, regular updates

Annual training only

Ad-hoc awareness, no structured program

No awareness program

QUESTION 7 OF 8

How do you manage third-party and vendor risk?

Formal vendor assessments, contracts include security clauses, ongoing monitoring

Vendor questionnaires, but no ongoing monitoring

Minimal vendor review during procurement only

No vendor risk management process

QUESTION 8 OF 8

How do you currently track compliance with NCA ECC or SAMA CSF?

Dedicated GRC tool with real-time dashboards

Spreadsheets and manual tracking

Mostly in people's heads / email threads

We don't actively track compliance

Answer all 8 questions to see your score