Cybersecurity, GRC and Compliance
Deep cybersecurity practice with a strong GRC arm. IT audits across AI, infrastructure, network, and security. Full NCA ECC, SAMA CSF, PDPL, ISO 27001, NIST, SOC 2, and PCI-DSS coverage. Advisory and implementation, not just assessment.
FANUUN BCG delivers end-to-end cybersecurity and GRC consulting across Saudi Arabia's most demanding regulatory environments. We combine deep technical expertise with a thorough understanding of NCA, SAMA, and PDPL requirements.
Unlike advisory-only firms, we implement. Our team designs security architectures, builds compliance programmes, and develops the governance documentation that allows organisations to demonstrate regulatory adherence and defend decisions independently during audits.
Key Deliverables
- NCA ECC 2.0 gap assessment and remediation
- SAMA Cybersecurity Framework implementation
- PDPL compliance programme and data mapping
- ISO 27001 implementation and certification readiness
- IT security audit across all infrastructure layers
- Cybersecurity strategy and risk management
- SOC design, technology selection, and implementation
- Incident response planning and tabletop exercises
- CISO advisory and virtual CISO services
IT Audits and Assessments
Comprehensive audits covering AI systems, infrastructure, networks, applications, and security controls. Gap analysis, risk register, and prioritised remediation roadmap in every engagement.
GRC and Compliance
Framework implementation across NCA ECC, SAMA CSF, PDPL, ISO 27001, and other applicable standards. Evidence documentation and audit readiness built into every programme.
Cybersecurity Strategy
Comprehensive security strategy aligned with your risk appetite and KSA regulatory requirements. Translating risk into a prioritised, funded programme with board-level visibility.
Security Architecture
Review and design of security architectures covering network segmentation, IAM, data protection, endpoint security, and cloud security, all aligned with KSA regulatory requirements.
SOC Design and Advisory
Security Operations Centre design, technology selection, implementation support, and operational readiness assessment. From concept to a functioning, governed SOC.
Threat and Risk Assessment
Systematic identification, evaluation, and prioritisation of cybersecurity risks across your technology estate, aligned with regulatory obligations and business risk appetite.
Accredited Delivery Partners
- ISO 27001: Implementation and Audit
- NIST: Cybersecurity Framework
- PECB: Accredited Training Partner
- NCA: ECC Aligned Delivery
- SAMA: CSF Aligned Delivery