Committee journey
Nisab
Hijri: 18 Dhu Al-Qadah
Gregorian: 4 May 2026
Riyadh: 18:00 KSA
Chair view · IT Steering Committee

Two decisions need you.

Closes 4 May · 18:00 KSA · Open

Framework waiver 3.3.6.j needs an ITSC vote.

Appendix C chain, 5 of 7 votes cast, no deviations recorded.

Threshold: 6/7
Cast: 5
Visibility: CEO, SAMA
Next meeting
Tue 5 May · 14:00 KSA

Q2 2026 Quarterly Review

Boardroom · quorum reached · 5 agenda items

Quorum met
When you have time
IT Steering Committee

Q2 2026 Quarterly Review

Tue 5 May · 14:00 KSA · 2 hours

Quorum: 6 of 7 · Met. N. Al-Dosari attends as Internal Audit observer.
Composition verified. CIO, CRO, CISO, Compliance, Internal Audit observer. 3.1.1.3
1. IT Risk Profile Review · 30 min · CISO · 3.2.4
2. Q2 KRI / KPI Dashboard · 20 min · CIO · 3.1.9
3. Risk Acceptance: Legacy DB · 15 min · Vote · 3.2.3
4. Framework Waiver: 3.3.6.j · Vote · co-sign · CEO · SAMA · Appendix C
5. IT Strategy H2 2026 · 25 min · CIO · 3.1.2
Agenda 4 · Decision

Framework waiver

Control 3.3.6.j · centralized authentication

Awaiting ITSC vote · 5/7
Appendix C chain
1. Owner request: Submitted by IT Operations
2. CIO review: Mazen approved
3. ITSC vote: Your step now
4. Co-sign: CIO and owner
5. CEO sign: Step-up authentication
6. SAMA submit: Appendix D bundle
SAMA 3.3.6.j: Centralized authentication server should be deployed. Waiver via Appendix C required.
Compensating controls
  • 4-hour vendor access windows
  • Per-session CISO approval
  • Session recording, 12-month retention 3.3.6.l
  • Quarterly Risk Committee review
Validity: 12 months. Matches SAMA default.
Default
ITSC vote · Step 3 of 6

Cast your vote

Waiver 3.3.6.j · no deviations

Threshold: 6/7
Cast so far: 5
Visible to: CEO, SAMA
Hash-chained audit trail. Visible to ITSC, CEO, and SAMA. 3.1.1.4.e

Vote recorded

All ITSC members have voted.

Outcome: Approved
6 Approve · 0 Object · 1 Abstain

Observer abstained. 3.1.1.3.c

Chain advanced to co-sign
Owner
CIO
ITSC
Co-sign
Appendix C: CIO and owner must co-sign before the CEO step.
Viewing as Sultan AlQudiry · CEO
CEO view · SIMAH

Three items need a decision.

SAMA ITGF posture: Level 3
Avg maturity: 3.1
Compliant: 82%
Below L3: 4
Deviations: 2

SAMA report due 30 Jun. Circular 6

Awaiting action
Minutes
L Audit Q1 in-camera · AC members only
Composition gap: Risk Committee missing Legal. CMA 67
CEO · Step 5 of 6

Waiver 3.3.6.j

Confidential · awaiting CEO
Appendix C signing chain
Owner: Submitted and co-signed
CIO: Reviewed and co-signed
ITSC: 6 of 7 approved
CEO signature: Your step now
6 · SAMA submission: Waits for signature
Signing

Submit waiver 3.3.6.j to SAMA Cyber Risk Control for 12-month validity. Appendix C

Sign with Face ID: Step-up authentication, cryptographic signature.
SIMAH · IT Steering Committee
Committee Edition · Q2 2026
01

One inbox. Three committees. Five seconds.

The CIO sits on three committees with different roles. The app surfaces what needs action now, not 47 unread emails.

SAMA-linked, each committee shows its framework reference 3.1.1
Three roles, one identity, Chair, Observer, Member. Different authority per committee
Waiver vote leads, 6-step Appendix C chain with deadline
02

Every agenda item anchored to a SAMA control.

Quorum auto-computed. Composition validated. The agenda is the compliance map.

Control badges, Risk Profile to 3.2.4, KPI Dashboard to 3.1.9 ITGF
Composition check, CIO, CRO, CISO, Compliance, Internal Audit 3.1.1.3
6-step chain, Vote, Co-Sign, CEO, SAMA visible on one screen App C
03

The framework guides the committee.

Inline SAMA control text. Deviation tracking. Cross-references between related controls.

Guidance inline, actual 3.3.6.j text from the framework ITGF
Deviation tracking, green if matching default. Gold if deviating
Cross-references, compensating controls cite related controls 3.3.6.l
04

Forensic-grade voting. Not generic e-vote.

Justification is mandatory. Every vote is hash-chained. The trail goes to SAMA.

Required justification, hash-chained, visible to ITSC, CEO, SAMA 3.1.1.4.e
Chain context, step 3 of 6, no deviations. Voter sees the full picture
05

The chain auto-advances.

CIO and Business Owner co-sign after ITSC vote. Most platforms miss this step.

Co-sign from Appendix C, both must sign before CEO step App C
Zero routing, vote closes, chain advances, co-signers notified, CEO queued
06

The CEO dashboard no peer ships.

Compliance posture. Deviation badges. In-camera locked. Composition gaps flagged.

SAMA posture, maturity 3.1/5, 82% compliant, 4 below L3, 2 deviations ITGF
Visibility tiers, Audit in-camera locked. CEO sees label, not content
Auto-escalation, materiality breach with SAMA deadline 3.3.8.9
07

The audit trail is the product.

SHA-256 hash chain. Tamper-evident. Appendix D export. One click.

Hash-chained, 8 events, each references the previous
SAMA bundle, Appendix D cover, signed JSON, papers, justifications