INITIALIZING
📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global vulnerability Government and Critical Infrastructure CRITICAL 1h Global apt Cryptocurrency and Blockchain CRITICAL 9h Global malware Financial Services / Cryptocurrency CRITICAL 10h Global insider Cloud Computing and SaaS HIGH 11h Global vulnerability Industrial Control Systems / Operational Technology CRITICAL 11h Global ransomware Corporate/Enterprise CRITICAL 12h Global ransomware Retail/E-commerce HIGH 13h Global vulnerability Software Development and AI/ML Services CRITICAL 15h Global vulnerability Healthcare, Operational Technology, Industrial Control Systems CRITICAL 16h Global phishing Enterprise/Information Technology HIGH 17h Global vulnerability Government and Critical Infrastructure CRITICAL 1h Global apt Cryptocurrency and Blockchain CRITICAL 9h Global malware Financial Services / Cryptocurrency CRITICAL 10h Global insider Cloud Computing and SaaS HIGH 11h Global vulnerability Industrial Control Systems / Operational Technology CRITICAL 11h Global ransomware Corporate/Enterprise CRITICAL 12h Global ransomware Retail/E-commerce HIGH 13h Global vulnerability Software Development and AI/ML Services CRITICAL 15h Global vulnerability Healthcare, Operational Technology, Industrial Control Systems CRITICAL 16h Global phishing Enterprise/Information Technology HIGH 17h Global vulnerability Government and Critical Infrastructure CRITICAL 1h Global apt Cryptocurrency and Blockchain CRITICAL 9h Global malware Financial Services / Cryptocurrency CRITICAL 10h Global insider Cloud Computing and SaaS HIGH 11h Global vulnerability Industrial Control Systems / Operational Technology CRITICAL 11h Global ransomware Corporate/Enterprise CRITICAL 12h Global ransomware Retail/E-commerce HIGH 13h Global vulnerability Software Development and AI/ML Services CRITICAL 15h Global vulnerability Healthcare, Operational Technology, Industrial Control Systems CRITICAL 16h Global phishing Enterprise/Information Technology HIGH 17h

📖 How to Use the System

Complete guide to every platform feature — from signup to generating board-ready executive reports

👔 Role-Based Guides

Select your role to see the most relevant features for you

👔
CISO / Security Leader
Organization-wide security oversight, board reporting, strategic compliance planning
📋
Compliance Officer
Day-to-day compliance management, gap tracking, policy creation, audit preparation
🛡️
IT Security Engineer
Technical implementation, risk scoring, threat monitoring, vulnerability management
🏢
GRC Consultant
Multi-client management, white-label reporting, scalable assessments
📊
Executive / Board Member
High-level dashboards, compliance status, risk posture, executive summaries
👥
Team Member
Task execution, training completion, document uploads, activity tracking

🚀 Getting Started — 8 Steps

From signup to fully operational in under 20 minutes

1

📝 Create Your Account

⏱ 2 minutes

Sign up at the onboarding page. Enter your organization name, select your industry, choose a subscription plan (Starter, Professional, or Enterprise), and create your admin account.

2

🧙 Complete Setup Wizard

⏱ 5 minutes

The onboarding wizard guides you through: organization profile, framework selection (SAMA CSF, NCA ECC, PDPL, ISO 27001), team invitations, and your first AI analysis.

3

🔍 Run First Gap Analysis

⏱ 3 minutes

Navigate to Compliance → click "New Analysis" → select framework → describe your scope and current evidence → AI generates a comprehensive gap assessment with scores and recommendations.

4

📄 Generate Your First Policy

⏱ 2 minutes

Go to Policies → select policy type (e.g., Information Security, Access Control, Incident Response) → AI generates a professional bilingual policy aligned with your selected frameworks.

5

⚡ Score Your Risks

⏱ 2 minutes

Open Risk Scores → describe a risk scenario → AI calculates severity, likelihood, impact, and provides mitigation strategies with cost estimates in SAR.

6

📊 Generate Executive Report

⏱ 3 minutes

Navigate to Reports → AI compiles your analyses, policies, and risk data into a board-ready executive report with charts, compliance scores, and action items. Export as PDF.

7

👥 Invite Your Team

⏱ 2 minutes

Go to Settings → Team tab → invite members by email. Assign roles: Owner (full access), Admin (manage settings), Member (use features), Viewer (read-only).

8

🎨 Customize Your Branding

⏱ 3 minutes

Settings → Branding tab → set your primary and accent colors, upload light/dark logos, set custom CSS, configure your subdomain (yourorg.ciso.sa).

🛠️ Feature Guide — 19 Features

Every feature with detailed explanation and tips for optimal usage

📊
Dashboard
+

Your command center. View compliance scores across all frameworks, recent activity, pending deadlines, unread messages, and quick-action buttons for common tasks.

💡 Pro Tips
Check dashboard daily for deadline alerts
Use the compliance score trend to track progress
Quick-action buttons save 3-4 clicks per task
🔍
Compliance Gap Analysis
+

AI-powered gap assessment against SAMA CSF, NCA ECC, PDPL, and ISO 27001. Upload evidence, describe your current state, and receive scored recommendations with remediation priorities.

💡 Pro Tips
Be specific about your current controls for better analysis
Run separate analyses for each framework
Re-run quarterly to track improvement
📋
AI Policy Generator
+

Generate professional bilingual policies from 15+ templates: Information Security, Access Control, Incident Response, Data Classification, BYOD, Remote Work, Third-Party Risk, and more.

💡 Pro Tips
Generated policies include your org name and framework references
Export as PDF for board presentation
Review and customize before publishing
Risk Scoring Engine
+

Describe any risk scenario and AI calculates: severity score (1-100), likelihood, business impact, financial exposure in SAR, and provides mitigation strategies with timelines.

💡 Pro Tips
Include financial context for more accurate SAR estimates
Compare multiple scenarios to prioritize
Link to compliance gaps for full picture
📄
Executive Reports
+

AI-generated board-ready reports combining compliance scores, risk posture, policy coverage, and action items. Professional formatting with charts and recommendations.

💡 Pro Tips
Schedule monthly reports for board meetings
Include trend data by running regular analyses
Export PDF with your branding
🤖
AI Compliance Copilot
+

Chat-based AI assistant with full context of your compliance data. Ask questions like: "What are our biggest SAMA gaps?", "Draft an incident response procedure", "Explain NCA ECC control 2-3-4".

💡 Pro Tips
Copilot has access to all your analyses and policies
Ask for specific framework control explanations
Use for quick compliance questions vs running full analysis
🔧
Remediation Tracker
+

Auto-generates project plans from gap analysis findings. Each gap becomes an actionable task with priority, timeline, responsible party, and completion tracking.

💡 Pro Tips
Generate remediation plans right after gap analysis
Assign tasks to team members
Track completion percentage over time
🛡️
Threat Intelligence
+

AI-generated threat briefings specific to your industry and region. Daily/weekly reports covering emerging threats, vulnerabilities, and recommended defensive actions for Saudi organizations.

💡 Pro Tips
Set industry for relevant threat feeds
Share briefings with security team
Check weekly for new vulnerability alerts
📝
Policy Review Assistant
+

Upload existing policies for AI review. Get compliance scoring, gap identification, improvement suggestions, and framework alignment checks.

💡 Pro Tips
Review all policies annually
Compare scores before and after updates
Focus on critical policies first
📚
Security Training
+

AI-generated training modules for your team. Topics include security awareness, phishing recognition, data handling, incident reporting, PDPL compliance, and role-specific training.

💡 Pro Tips
Assign training per role
Track completion rates
Quarterly refresher recommended
🔎
Audit Preparation
+

AI analyzes your compliance data and generates audit-ready documentation: evidence checklists, control mapping sheets, interview prep guides, and finding prediction.

💡 Pro Tips
Run 2 weeks before scheduled audit
Use evidence checklist to gather documents
Practice with AI-generated interview questions
📎
Document Analyzer
+

Upload documents for AI analysis. Extracts key compliance information, identifies gaps, and suggests improvements aligned with your selected frameworks.

💡 Pro Tips
Upload policies, procedures, and evidence
AI identifies missing controls
Use findings to update your gap analysis
📅
Compliance Calendar
+

Track regulatory deadlines, audit dates, policy review schedules, and custom milestones. Color-coded by priority with reminder notifications.

💡 Pro Tips
Set reminders 30 days before deadlines
Add recurring annual reviews
Filter by framework or priority
💬
Secure Messaging
+

Communicate securely with your consultant and team. Message threads, file attachments, and activity-linked discussions.

💡 Pro Tips
Link messages to specific compliance items
Use for audit-related communications
All messages are encrypted and logged
📁
Document Vault
+

Secure document storage with versioning, access control, expiry dates, and categories. Upload evidence, policies, certificates, contracts, and audit reports.

💡 Pro Tips
Organize by category for easy audit access
Set expiry dates for certificates
Version control tracks document changes
🔔
Notification Center
+

Real-time in-app notifications: new messages, compliance alerts, deadline reminders, AI analysis completions, billing events, and team updates.

💡 Pro Tips
Configure notification preferences in Settings
Filter by type to focus on what matters
Mark all as read for a clean inbox
💳
Billing & Subscription
+

Manage your subscription plan, view payment history, upgrade/downgrade, and configure billing details. Supports mada, Visa, Mastercard, Apple Pay.

💡 Pro Tips
Annual billing saves 20%
Upgrade anytime — takes effect immediately
Download invoices for accounting
⚙️
Settings
+

7 tabs: Profile, Security (change password), Notifications (6 toggles), Team (invite/manage), Organization, Branding (white-label), Usage & Plan (quota meters).

💡 Pro Tips
Enable MFA for enhanced security
Set notification preferences to avoid overload
Monitor usage meters to avoid hitting quotas
📋
Activity Timeline
+

Visual timeline of all organizational activity: analyses, policies, logins, deadlines, messages. Filter by team member or date range.

💡 Pro Tips
Use to track team productivity
Filter by member for individual performance
Export for audit evidence

📋 Framework Quick Reference

🏦
SAMA CSF
Saudi Arabian Monetary Authority Cybersecurity Framework
Who needs it: Banks, insurance, fintech, payment companies regulated by SAMA
Scope: 4 domains, 29 subdomains, 195+ controls
🛡️
NCA ECC
National Cybersecurity Authority Essential Cybersecurity Controls
Who needs it: All government entities and critical infrastructure operators in Saudi Arabia
Scope: 5 main domains, 114 controls
🔐
PDPL
Personal Data Protection Law (نظام حماية البيانات الشخصية)
Who needs it: Any organization processing personal data of Saudi residents
Scope: 43 articles covering data subject rights, consent, cross-border transfer
🌐
ISO 27001:2022
Information Security Management System
Who needs it: Any organization seeking international security certification
Scope: 4 themes (Organizational, People, Physical, Technological), 93 controls

🔄 Common Workflows

📋 Quarterly Compliance Review +
1 Run gap analysis for each active framework
2 Compare scores with previous quarter
3 Generate remediation plan for new gaps
4 Create executive report with trend data
5 Present to board with PDF export
🔍 Audit Preparation +
1 Run Audit Prep AI for readiness assessment
2 Collect evidence in Document Vault
3 Set deadlines in Compliance Calendar
4 Review policies with Policy Review Assistant
5 Generate audit-ready documentation package
🛡️ Incident Response +
1 Check Threat Intelligence for context
2 Ask AI Copilot for response procedure
3 Generate incident report
4 Update risk scores based on impact
5 Document lessons learned in Vault
👥 New Employee Onboarding +
1 Invite to team in Settings
2 Assign appropriate role (Member/Viewer)
3 Assign Security Training modules
4 Add to relevant calendar deadlines
5 Send welcome message via Secure Messaging
📄 Policy Lifecycle Management +
1 Generate policy with AI Policy Generator
2 Review with Policy Review Assistant
3 Upload final version to Document Vault
4 Set annual review deadline in Calendar
5 Re-review and update annually

💎 Plans & Quotas

Feature 🚀 Starter 🛡️ Professional 🏢 Enterprise
Price 2,500 SAR/mo 7,500 SAR/mo Custom
Users 3 15 Unlimited
Gap Analyses 5 / mo Unlimited Unlimited
AI Policies 10 / mo Unlimited Unlimited
Risk Scores 10 / mo Unlimited Unlimited
Executive Reports 3 / mo Unlimited Unlimited
AI Copilot
Threat Intel
Policy Review
Remediation
White-Label
API Access
SLA Guarantees
PDF Export
Bilingual

⌨️ Keyboard Shortcuts

Ctrl + K Open universal search
Ctrl + / Open AI Copilot
Ctrl + N New analysis / policy
Ctrl + E Export current view as PDF
Ctrl + Shift + L Toggle language (EN ↔ AR)
Ctrl + Shift + D Toggle dark / light theme
Escape Close modal / overlay

📚 Glossary

Gap Analysis
تحليل الفجوات
Assessment identifying differences between current security posture and required framework controls
Compliance Score
درجة الامتثال
Percentage rating (0-100%) showing how well an organization meets framework requirements
Risk Score
درجة المخاطر
Numerical rating (1-100) combining severity, likelihood, and business impact of a risk scenario
Remediation Plan
خطة المعالجة
Action plan with tasks, timelines, and responsible parties to close identified compliance gaps
Tenant
المستأجر
Your organization's isolated workspace within the platform, with its own data, users, and settings
White-Label
العلامة البيضاء
Customizing the platform with your organization's branding (logos, colors, domain)
MFA / TOTP
المصادقة متعددة العوامل
Multi-factor authentication using time-based one-time passwords for enhanced login security
Control
ضابط
A specific security measure or requirement defined by a compliance framework
Evidence
دليل
Documentation or artifacts proving implementation of a security control
SLA
اتفاقية مستوى الخدمة
Service Level Agreement — guaranteed performance metrics (uptime, response time)
RTO / RPO
هدف وقت الاسترداد / هدف نقطة الاسترداد
Recovery Time/Point Objective — maximum acceptable downtime and data loss in disaster recovery
Threat Briefing
إحاطة التهديدات
AI-generated report on current cyber threats relevant to your industry and region

❓ Frequently Asked Questions

How does the AI work? Is my data secure?
Our AI processes your inputs to generate compliance assessments, policies, and reports. All data is encrypted (AES-256), stored in Saudi Arabia, and isolated per tenant. AI processing does not share your data with other organizations.
Can I use the platform in Arabic?
Yes! The entire platform is bilingual (Arabic/English). Switch languages from the navigation bar. All AI outputs, policies, and reports are generated in both languages.
What happens if I exceed my plan's quota?
You'll see a usage meter showing your current consumption. When you reach your limit, you'll be prompted to upgrade. No data is lost — you just can't create new items until the next billing cycle or upgrade.
How do I invite team members?
Go to Settings → Team tab → Enter name and email → Click "Add Member". They'll receive a welcome email with login credentials. You can assign roles: Owner, Admin, Member, or Viewer.
Can I export reports as PDF?
Yes! Every analysis, policy, risk score, and report has a "Download PDF" button. PDFs include your organization's branding, are professionally formatted, and support Arabic RTL layout.
What frameworks are supported?
We fully support: SAMA CSF (Saudi Central Bank), NCA ECC (National Cybersecurity Authority), PDPL (Personal Data Protection Law), and ISO 27001:2022. Our AI is specifically trained on Saudi regulatory requirements.
Is there a mobile app?
The platform is fully responsive and works perfectly on mobile browsers. A dedicated mobile app is on our roadmap. You can add the site to your home screen for an app-like experience.
How is pricing structured?
Starter: 2,500 SAR/mo (3 users, basic quotas), Professional: 7,500 SAR/mo (15 users, unlimited AI), Enterprise: Custom pricing (unlimited users, white-label, API, SLA). Annual billing saves 20%.

Ready to Get Started?

📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.