What is the primary objective of **BREEAM**?

**BREEAM's primary objective is to provide a science-based sustainability assessment and certification framework for the built environment, measuring performance across the asset lifecycle.** Developed by BRE in 1990, it uses a category-based structure—**Management, Health & Wellbeing, Energy, Transport, Water, Materials, Waste, Land Use & Ecology, Pollution, and Innovation**—with weighted credits converting compliance into ratings from **Pass (≥30%)** to **Outstanding (≥85%)**. This enables verifiable ESG outcomes, net zero strategies, and resilience for buildings, infrastructure, and communities.

Who is legally or professionally required to comply with **BREEAM**?

**No organizations are legally required to comply with BREEAM, as it is a voluntary certification scheme.** Professionally, it applies to developers, owners, and operators of new construction, refurbishments, in-use assets, communities, and infrastructure seeking market differentiation, planning incentives, investor ESG alignment, or EU Taxonomy support. Licensed **BREEAM Assessors** and **Advisory Professionals (APs)** are mandatory for certification, with BRE Global conducting quality audits under **ISO/IEC 17065** accreditation.

Does **BREEAM** require an external audit or third-party certification?

**Yes, BREEAM mandates third-party certification through licensed Assessors and BRE Global quality audits.** Assessors compile evidence against scheme-specific technical manuals and submit for BRE verification, including potential site visits. Certification is issued only after QA, ensuring impartiality via BRE's **UKAS accreditation to ISO/IEC 17065** and **ISO 9001** alignment, producing auditable ratings.

How often should an assessment for **BREEAM** be performed?

**BREEAM New Construction assessments occur once per project at design, construction, and post-construction stages.** For operational assets, **BREEAM In-Use certification is valid for 3 years**, requiring reassessment for renewal to verify ongoing performance via post-occupancy evaluation and metering data.

What are the consequences of non-compliance with **BREEAM**?

**Non-compliance with BREEAM results in denied credits, lower ratings, or failed certification, with no direct legal penalties as it is voluntary.** Consequences include lost market premiums (e.g., up to 25% rental uplift), rejected planning incentives, ineligible green financing, ESG reporting gaps, and higher operational risks like energy performance shortfalls.

An **BREEAM** be mapped to other international frameworks?

**BREEAM does not officially map to other frameworks within its standalone schemes, but Version 7 aligns explicitly with EU Taxonomy for technical screening criteria.** Its categories and evidence (e.g., **ISO 7730** thermal comfort, **ISO/IEC 17025** emissions testing) support comparability for ESG reporting, while NSOs in **Austria, Germany, Netherlands, Norway, Spain, Sweden** adapt locally.

What is the first step to begin implementing **BREEAM**?

**The first step is to select the appropriate scheme (e.g., New Construction, In-Use) and version, then appoint a licensed BREEAM Assessor early at concept stage.** Conduct a pre-assessment using the technical manual to target ratings, map credits, and integrate into design governance via BRE registration.

What is the primary objective of **SAMA CSF**?

**SAMA CSF aims to create a common cybersecurity approach across Member Organizations, achieve appropriate maturity levels, and ensure proper risk management.** Version 1.0 (May 2017) prescribes principles, objectives, and controls across four domains—**Cyber Security Leadership and Governance**, **Risk Management and Compliance**, **Operations and Technology**, and **Third Party Cyber Security**—using a six-level maturity model targeting at least **Level 3 (Structured and Formalized)** with policies, standards, procedures, and KPIs.

Who is legally or professionally required to comply with **SAMA CSF**?

**SAMA CSF is mandatory for all SAMA-regulated financial institutions in Saudi Arabia.** This includes banks, insurance/reinsurance companies, financing companies, credit bureaus, and financial market infrastructure providers. All domains apply fully to banks; non-banks have tailored exceptions (e.g., payment systems if not handling cards/SWIFT). Boards, senior management, CISOs, and third-party providers must ensure adoption.

Does **SAMA CSF** require an external audit or third-party certification?

**No, SAMA CSF does not require external third-party certification.** Compliance relies on periodic **self-assessments** using SAMA-provided questionnaires, internal audits per accepted standards, and SAMA supervisory reviews. Independent internal audits are mandated, with evidence of maturity (e.g., Level 3+ via KPIs/KRIs) submitted for regulatory scrutiny.

How often should an assessment for **SAMA CSF** be performed?

**SAMA CSF requires periodic self-assessments using SAMA questionnaires, with annual reviews for critical assets.** Maturity levels (targeting Level 3+) must be evaluated regularly, including penetration testing for customer-facing services and ongoing monitoring via KPIs (Level 3) and KRIs (Level 4+). Assessments occur early in projects, before changes/outsourcing, and support SAMA audits.

What are the consequences of non-compliance with **SAMA CSF**?

**Non-compliance with SAMA CSF triggers regulatory enforcement including supervisory actions, remediation demands, heightened scrutiny, and potential operational restrictions.** As a mandated framework, failures lead to audit findings, mandated audits, elevated risk ratings, and material operational/reputational risks; SAMA leverages broader banking powers without specified fines in the CSF.

An **SAMA CSF** be mapped to other international frameworks?

**Yes, SAMA CSF conceptually aligns with international frameworks like NIST CSF, ISO 27001, PCI-DSS, and BASEL.** Its domains map to NIST functions (Identify, Protect, Detect, Respond, Recover), ISO 27001 ISMS, and sector standards (PCI-DSS for cards, SWIFT CSCF); institutions use mappings for integrated compliance without official SAMA tables.

What is the first step to begin implementing **SAMA CSF**?

**The first step is securing Board and Senior Management sponsorship and conducting a gap analysis against SAMA CSF controls.** Phase 1 (Initiation) includes appointing program leadership, inventorying assets/obligations, and baseline maturity assessment (Levels 0-5 per domain), producing a project charter and gap register targeting Level 3 minimum.

BREEAM vs SAMA CSF

Standards Comparison

BREEAM

Voluntary

1990

World-leading sustainability certification for built environment

SAMA CSF

Mandatory

2017

Saudi regulatory framework for financial cybersecurity

Quick Verdict

BREEAM certifies sustainable buildings globally via voluntary audits for environmental excellence, while SAMA CSF mandates cybersecurity maturity for Saudi financial firms via self-assessments. Organizations adopt BREEAM for ESG value uplift; SAMA CSF for regulatory compliance and resilience.

Building Sustainability

BREEAM

Building Research Establishment Environmental Assessment Method

Cost

€€

Complexity

High

Implementation Time

12-18 months

Key Features

Third-party audited certification by BRE Global
Weighted credit scoring across 10 categories
Full lifecycle coverage from design to in-use
Continuous updates via Knowledge Base KBCNs
Global schemes with local NSO adaptations

Cybersecurity

SAMA CSF

SAMA Cyber Security Framework Version 1.0

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Six-level maturity model targeting minimum Level 3
Four domains with detailed subdomains and controls
Board oversight and independent CISO requirements
Third-party cybersecurity due diligence and monitoring
Specific controls for payment systems and e-banking

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

BREEAM Details

What It Is

BREEAM (Building Research Establishment Environmental Assessment Method) is a science-led sustainability certification framework for the built environment. Developed by BRE in 1990, it assesses environmental, social, and resilience performance across buildings, infrastructure, and communities. Its credit-based, weighted scoring methodology converts compliance into ratings from Pass to Outstanding.

Key Components

10 core categories: Management, Health & Wellbeing, Energy, Transport, Water, Materials, Waste, Land Use & Ecology, Pollution, Innovation.
Credits awarded for evidenced compliance; categories weighted by impact (e.g., high for Energy).
Supported by technical manuals, Knowledge Base Compliance Notes (KBCNs), and third-party assurance via licensed assessors and BRE audits.
Certification model includes design-stage and post-construction verification.

Why Organizations Use It

Drives asset value uplift (up to 30%), operational savings (energy ~22-33%), and ESG credibility. Aligns with EU Taxonomy and net zero; mitigates regulatory risks; enhances tenant appeal and market differentiation.

Implementation Overview

Phased approach: early assessor appointment, credit targeting, evidence gathering tied to design/construction. Applies globally to all sizes/types; requires licensed assessor and BRE certification. In-Use scheme ensures ongoing performance (3-year validity).

SAMA CSF Details

What It Is

The Saudi Arabian Monetary Authority Cyber Security Framework (SAMA CSF), Version 1.0 (May 2017), is a mandatory regulatory framework for SAMA-regulated financial institutions in Saudi Arabia. It provides a principle-based, outcome-oriented approach to cybersecurity, focusing on governance, risk management, operations, and third-party controls to protect information assets' confidentiality, integrity, and availability.

Key Components

Four primary **domainsCyber Security Leadership & Governance, Risk Management & Compliance, Operations & Technology, Third-Party Cyber Security.
Numerous subdomains with principles, objectives, and control considerations.
Six-level maturity model (0-5), minimum Level 3 (structured/formalized).
Aligned with NIST CSF, ISO 27001, PCI-DSS; compliance via self-assessments and SAMA audits.

Why Organizations Use It

Mandatory for banks, insurers, financing firms; avoids penalties, audits.
Enhances resilience, reduces incidents; strategic advantages in partnerships, efficiency.
Builds trust, supports Vision 2030 digital economy.

Implementation Overview

Phased: initiation/gap analysis, risk assessment, design/deployment, operate/monitor, audit/improve.
Applies to all SAMA entities; scalable by size.
Self-assessments, no external certification but SAMA review required. (178 words)

Key Differences

Aspect	BREEAM	SAMA CSF
Scope	Sustainability across buildings, infrastructure, lifecycle stages	Cybersecurity for financial information assets and operations
Industry	Built environment, global with regional adaptations	Saudi financial sector only, banks/insurers/financing
Nature	Voluntary certification scheme with third-party audits	Mandatory regulatory framework with self-assessments
Testing	Licensed assessor audits, BRE quality assurance, periodic recertification	Periodic self-assessments, SAMA supervisory reviews/audits
Penalties	Loss of certification, no legal penalties	Regulatory enforcement, fines, supervisory actions

Scope

BREEAM

Sustainability across buildings, infrastructure, lifecycle stages

SAMA CSF

Cybersecurity for financial information assets and operations

Industry

BREEAM

Built environment, global with regional adaptations

SAMA CSF

Saudi financial sector only, banks/insurers/financing

Nature

BREEAM

Voluntary certification scheme with third-party audits

SAMA CSF

Mandatory regulatory framework with self-assessments

Testing

BREEAM

Licensed assessor audits, BRE quality assurance, periodic recertification

SAMA CSF

Periodic self-assessments, SAMA supervisory reviews/audits

Penalties

BREEAM

Loss of certification, no legal penalties

SAMA CSF

Regulatory enforcement, fines, supervisory actions

Frequently Asked Questions

Common questions about BREEAM and SAMA CSF

BREEAM FAQ

SAMA CSF FAQ

You Might also be Interested in These Articles...

CIS Controls v8.1, Operationalized: Top 10 Reasons Compliance Monitoring Software Accelerates Real-World Implementation

Operationalize CIS Controls v8.1 with compliance monitoring software. Turn checklists into dashboards, tickets, and audit-proof workflows. Top 10 reasons it acc

SOC 2 for Bootstrapped SaaS: Lazy Founder's Automation Roadmap with Vanta/Drata Templates

Bootstrapped SaaS founders: Achieve SOC 2 Type 2 in 3 months with Vanta automation (cuts 70% manual work). Free templates, workflows, screenshots, metrics & Sig

SEC Cybersecurity Rules Materiality Determination Framework: Step-by-Step Guide with Checklists and Real-World Examples

Master SEC Form 8-K Item 1.05 materiality determinations with our step-by-step framework, checklists, case law factors, and real-world examples. Avoid enforceme

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

CCPA vs BRC

Compare CCPA vs BRC: Key differences in privacy rights, thresholds, audits, fines & implementation. Master compliance strategies for data protection & food safety now!

ISO 14001 vs FedRAMP

Discover ISO 14001 vs FedRAMP: Compare env mgmt systems & fed cloud security. Key diffs, benefits, compliance tips for strategic wins—read now!

ISO 37001 vs SAMA CSF

Compare ISO 37001 anti-bribery vs SAMA CSF cybersecurity: key differences, maturity models, controls & Saudi compliance tips. Strengthen governance today!

BREEAM

SAMA CSF

Quick Verdict

BREEAM

Key Features

SAMA CSF

Key Features

Detailed Analysis

BREEAM Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

SAMA CSF Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

BREEAM FAQ

What is the primary objective of BREEAM?

Who is legally or professionally required to comply with BREEAM?

Does BREEAM require an external audit or third-party certification?

How often should an assessment for BREEAM be performed?

What are the consequences of non-compliance with BREEAM?

An BREEAM be mapped to other international frameworks?

What is the first step to begin implementing BREEAM?

SAMA CSF FAQ

What is the primary objective of SAMA CSF?

Who is legally or professionally required to comply with SAMA CSF?

Does SAMA CSF require an external audit or third-party certification?

How often should an assessment for SAMA CSF be performed?

What are the consequences of non-compliance with SAMA CSF?

An SAMA CSF be mapped to other international frameworks?

What is the first step to begin implementing SAMA CSF?

You Might also be Interested in These Articles...

CIS Controls v8.1, Operationalized: Top 10 Reasons Compliance Monitoring Software Accelerates Real-World Implementation

SOC 2 for Bootstrapped SaaS: Lazy Founder's Automation Roadmap with Vanta/Drata Templates

SEC Cybersecurity Rules Materiality Determination Framework: Step-by-Step Guide with Checklists and Real-World Examples

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

CCPA vs BRC

ISO 14001 vs FedRAMP

ISO 37001 vs SAMA CSF