What It Is

PMBOK® Guide, published by PMI, is a standard and guide documenting generally accepted project management practices. It applies to all project types across industries, evolving from process-based (6th edition: five Process Groups, ten Knowledge Areas) to principle-based (7th/8th editions: 12 principles, performance domains). Core approach emphasizes tailoring for predictive, adaptive, or hybrid lifecycles.

Key Components

• **Process GroupsInitiating, Planning, Executing, Monitoring/Controlling, Closing.
• **Knowledge AreasIntegration, Scope, Schedule, Cost, Quality, Resources, Communications, Risk, Procurement, Stakeholders (~49 processes with ITTOs).
• **Modern elements6-7 performance domains (governance, stakeholders, etc.), principles like value focus, stewardship.
• No formal certification for standard; aligns with PMP® credentialing.

Why Organizations Use It

Drives predictability, reduces overruns (high-performers 3x more likely to standardize), embeds risk/compliance controls. Provides governance baseline, common language, competitive edge in procurement/regulated sectors. Builds stakeholder trust via traceability, benefits realization.

Implementation Overview

Phased rollout: assess gaps, tailor processes, pilot, train (PMP-aligned), deploy tools/PMO. Suits all sizes/industries; 12-24 months typical. Focuses on maturity models like OPM3, continuous improvement.

What It Is

The Saudi Arabian Monetary Authority Cyber Security Framework (SAMA CSF) Version 1.0 (May 2017) is a mandatory regulatory framework for SAMA-regulated financial institutions in Saudi Arabia. Its primary purpose is to ensure cybersecurity resilience through governance, risk management, and controls, using a principle-based, outcome-oriented approach with a six-level maturity model (minimum Level 3: Structured and Formalized).

Key Components

• Four main **domainsCyber Security Leadership & Governance, Risk Management & Compliance, Operations & Technology, Third-Party Cyber Security.
• Numerous subdomains with principles, objectives, and control considerations (114+ subcontrols).
• Built on NIST CSF, ISO 27001, PCI-DSS; compliance via self-assessment and SAMA audits.

Why Organizations Use It

• Mandatory for banks, insurers, finance firms to avoid penalties, audits, fines.
• Enhances resilience, reduces incident risks, enables strategic advantages like partnerships.
• Builds trust, efficiency via metrics (KPIs/KRIs), aligns with Vision 2030 digital goals.

Implementation Overview

• Phased roadmap: gap analysis, risk assessment, control deployment, monitoring.
• Applies to all sizes of SAMA entities in Saudi Arabia; requires board oversight, CISO, documentation pyramid.
• Self-assessments, periodic SAMA reviews; no external certification but auditable maturity evidence.