01- THE CHALLENGE
A national mandate with no ready-made path
As the largest media company in the Middle East and North Africa, MBC operates at a scale — and under a regulatory weight — that few organizations in the region face. Compliance with the Saudi National Cybersecurity Authority (NCA) framework underpins how it handles sensitive data and sustains the trust of regulators, partners, and audiences.
But NCA isn’t a framework that ships ready-made inside compliance tooling. MBC had no built or mapped NCA framework in Drata, and its IT and security policies weren’t yet structured for audit. It needed more than a platform — it needed a partner who could design a custom, fully-auditable NCA framework, map every policy to the right controls, and keep it current as the regulation evolves.
The custom framework did not yet exist, and policies were not ready for audit.
MBC paused work in November 2025 due to internal changes, delaying policy uploads and mapping.
The pause made it difficult to progress toward certification readiness with confidence.
02- THE SOLUTON
A custom NCA framework, built and mapped inside Drata
Axipro built MBC a custom NCA framework inside Drata and ran the implementation end-to-end: reviewing and refining critical IT and security policies, mapping each to the right controls across all five NCA domains, and standing up a maintenance process to keep the framework audit-ready as requirements change.
The work was structured into five sequenced phases with clear deliverables — so MBC’s teams could focus on supplying controls and evidence while Axipro handled the technical mapping and ongoing upkeep.
03- IMPACT HIGHLIGHTS
What changed for MBC
● Audit-ready framework
A custom NCA framework live in Drata, with policies versioned and mapped to controls across every domain.
● Streamlined policy management
Refined, standardized policies ready for evidence mapping, so internal teams focus on controls, not formatting.
● Faster next framework
The established foundation and partnership cut scoping and delivery time for additional frameworks.
04- BACKGROUND
Compliance at broadcast scale
MBC is the leading media company across the Middle East and North Africa, operating an enterprise of more than 2,000 people across broadcast, streaming, and digital. At that reach, cybersecurity obligations are not a back-office concern. They touch sensitive data, critical systems, and a public footprint that includes the organization’s own social-media presence.
The NCA framework reflects exactly that breadth, spanning essential controls through data, cloud, telework, and social-media account security. Meeting it demanded a structured, auditable program rather than a one-off effort, and a partner who could own the technical build while MBC’s teams stayed focused on the business.
05- IMPLEMENTATION JOURNEY
Confident, collaborative, and fast
When MBC paused the engagement in late 2025 during a period of internal change, Axipro held the plan, re-scoped quickly, and resumed in January 2026, then delivered against an accelerated schedule.
Framework foundation
Custom NCA framework structured inside Drata, ready for policy and control mapping.
Policy refinement
Critical IT and security policies reviewed, standardized, and prepared for audit.
Control mapping
Policies mapped to the right controls, establishing traceability from document to requirement.
Full domain coverage
Mapping completed across ECC, DCC, CCC, TCC, and OSMAC, the full NCA control set.
Maintenance and monitoring
Ongoing framework upkeep and regulatory monitoring, keeping the program current as NCA evolves.
06- BEYOND THE CHECKBOX
Compliance as operating infrastructure
For MBC, a mapped NCA framework is not a one-time certification exercise. It is operating infrastructure.
With the framework built and maintained, audit preparation becomes a continuous state rather than a periodic fire drill. Internal teams are freed from manual policy work. And adding the next framework is faster, because the foundation and the working relationship already exist. Compliance shifts from a cost the business absorbs to a capability it can build on.
08- WHAT'S NEXT
Building on the foundation
With the NCA framework live and maintained, MBC has engaged Axipro for additional frameworks, extending the foundation and the partnership already in place. Trust is not the finish line. It is the platform for what comes next.