Certified ISO 31000
In an increasingly dynamic and digitally driven environment, we remain steadfast in our commitment to safeguarding the sustainability and resilience of our business. Our comprehensive Enterprise Risk Management (ERM) Framework enables us to anticipate, assess, and address potential risks that may affect our strategic objectives or daily operations. Through this forward-looking approach, we strengthen our ability to prevent disruptions, maintain operational stability, and ensure business continuity under all circumstances.
solutions by stc is dedicated to maintaining and continuously enhancing our advanced risk management practices through our robust governance and control infrastructure. Our approach aligns with leading international standards, including ISO 31000 and COSO ERM, and is fully integrated with our corporate strategy to support informed, strategic, and risk-aware decision-making across the Organization.
Risk management processes
Risk management principles
Risk management activities
- Quarterly monitoring of principal risks
- Annual update of risk assessment
- Monthly, quarterly, bi-annual, and annual key risk indicators
- Regular training and awareness to increase the risk culture and risk management knowledge
- Annual assessment for internal control
solutions by stc embeds risk management across all levels of the Organization, ensuring it is seamlessly integrated into decision-making and aligned with the delivery of our business strategy. Through a strong governance framework and close collaboration between business units, we maintain a clear understanding of both internal and external risks and develop tailored strategies and mitigation plans that align with our strategic direction and objectives.
We are committed to maintaining a comprehensive, agile, and forward-looking Risk Management program built on global best practices and leading standards. Our approach increasingly leverages automation, data-driven insights, and technology-based methodologies to enhance decision-making and strengthen organizational resilience. By combining innovation with sound governance, we continue to uphold the highest standards of risk management and meet the expectations of all stakeholders.
Risk governance framework
Our Board of Directors has ultimate responsibility for the governance and oversight of all Risk Management activities across the Company, in accordance with our approved Enterprise Risk Management Policy.
Maintaining certifications and standards
solutions by stc is committed to the continuous enhancement of our Risk Management approach and capabilities. ERM is fully integrated with the Company’s strategic objectives and planning processes, ensuring that risk awareness informs decision-making at every level. A key priority is the early identification and reporting of emerging risks, both locally and globally, so that the Risk Management function can actively support the achievement of our strategic goals.
Since 2023, solutions by stc has maintained ISO 31000 certification, reflecting our ongoing commitment to international best practices in ERM. The certification is subject to annual surveillance audits, driving continuous improvement, and strengthening the maturity of our Risk Management program. By doing so, we continue to build resilience and reinforce informed, data-driven decision-making across the Organization.
To ensure the effectiveness of our internal control environment, we conduct an annual Internal Control Review covering all divisions, departments, and functions. This review assesses existing controls, identifies new or evolving risks, and tests both design and operational effectiveness. The results provide Management with assurance over the robustness of our internal controls and the integrity of our overall governance framework.
Risk appetite statement
solutions by stc has developed a clearly defined risk appetite statement that sets out the level and types of risk the Organization is prepared to accept in pursuit of our strategic objectives. This statement establishes clear parameters for risk-taking, ensuring alignment between strategic ambition and prudent governance. It also provides Management with a structured tool to guide effective, informed, and balanced decision-making across the business, and it is updated on an annual basis to ensure continued relevance and alignment with the Organization’s evolving strategy and risk environment.
Risk appetite characteristics
Principal risks
Description
The risk of non-compliance with applicable laws and regulations resulting in legal and financial implications
The risk of a decrease in Environmental, Social, and Governance (ESG) performance leading to a decline in our ESG Index ranking, possibly resulting in the loss of investors and an adverse reputational impact
The risk of negative impacts on operations, trade, and strategic goals arising from complex and dynamic interactions shaped by political, economic, and social factors, resulting in disruptions to supply chains and operational support systems
The risk of the inability to adopt transformative technologies resulting in potential operational inefficiencies, compromising agility and leading to a competitive setback
The risk of increasingly sophisticated and varied cyber-attacks, along with the unauthorized disclosure of organizational or personal data, leading to operational disruptions, reputational harm, regulatory repercussions, and financial losses
The risk of an increasing footprint by international players and local players continuously striving to gain market share, in addition to an increased number of startups in the Kingdom of Saudi Arabia’s IT sector, making the market more fragmented
Risk response and mitigation measures
- Actively adhered to regulatory requirements, supporting our vision to lead in the ICT sector
- Maintained a robust compliance management system to enhance Company-wide compliance culture
- Aimed to set a benchmark in compliance management, meeting regulatory needs and adopting the best practices
- Strengthened relationships with customers, employees, partners, and investors
- A comprehensive strategy and program in place for Sustainability
- An ESG Committee has been established to oversee the ESG program and its execution
- ESG performance indicators are defined, tracked, monitored, and reported
- Communication awareness campaign, enhancing sustainability culture and capability
- Established alternative shipping methods with multiple carriers for efficient emergency deliveries
- Retained the CIPS MENA Procurement Award for excellence in local content
- Optimized sourcing strategy to adapt to market dynamics
- The Crisis and Disaster Recovery Plan is activated during force majeure events
- Continuously monitored business insights across the Organization for ICT-related market trends and publications
- Regularly assessed and prioritized transformative technologies aligned with business goals
- Used agile methods and partnered with tech companies/experts for swift adoption
- The cybersecurity policies and framework are maintained to assess the changing needs of the Organization, industry, and regulatory obligations and are used to address the challenges posed by the emerging threats and new complex technologies
- Maintained robust cybersecurity and data privacy risk and compliance program(s) aligned with regulatory laws/regulations, enterprise risk/compliance, and industry leading practices
- Excelled in identifying, assessing, and mitigating potential incidents and threats to the Company’s digital ecosystems
- Certified against ISO 27001 Information Security Management System (ISMS) and ISO 27701 Privacy Information Management
- Annual strategy review to ensure relevance to market needs and expectations
- Expanded digital and IT offerings, entering new business lines to meet diverse customer needs across the IT value chain
- Achieved growth through strategic acquisitions and internal development, broadening portfolio scope
- Strengthened product portfolio by building partnerships that introduce complementary solutions
- Enhanced customer retention by implementing successful bundling and cross-selling strategies, reducing competitive impact
- Conducted continuous market research to identify updates and changes that could impact our market competitiveness, allowing us to adapt proactively to evolving customer and market needs
Business continuity
solutions by stc has established and maintained a comprehensive Business Continuity Framework designed to ensure organizational resilience and operational stability during potential disruptions.
Our leadership is strongly committed to embedding a culture of business continuity throughout the Company. This commitment is reflected in the active involvement of Senior Management, dedicated resource allocation, and the establishment of clear objectives that prioritize resilience and preparedness across all functions.
Each year, we conduct Business Impact Analysis (BIA) and Threat and Risk Assessment (TRA) exercises covering all critical processes to identify potential vulnerabilities and evaluate their impact. These assessments guide the prioritization of recovery efforts and the development of targeted mitigation strategies that safeguard our operations and stakeholders.
solutions by stc has implemented a suite of Business Continuity Plans (BCPs) addressing essential areas such as operations, technology, and facilities. These plans define clear roles and responsibilities, establish communication protocols, and outline recovery procedures for key business functions. Complementing these plans are comprehensive Crisis Management and Incident Response Frameworks that ensure timely, coordinated action when needed. Continuous review, testing, and improvement processes are built into our program to maintain readiness and incorporate lessons learned from previous exercises.
Regular drills, simulations, and tabletop exercises are conducted to validate the effectiveness of our continuity measures and identify opportunities for enhancement. More than 500 employees have participated in training and awareness sessions, ensuring they are fully equipped to fulfill their roles and responsibilities within the Business Continuity Framework. This proactive approach strengthens our ability to respond effectively to disruptions, maintain service delivery, and protect stakeholder confidence under all circumstances.
Business continuity achievements in 2025
Key business continuity achievements and milestones in 2025 included:
Recognized by the Business Continuity Institute
In September 2025, solutions by stc was named the 2025 Award Winner for “Most Original Exercise Programme” by the Business Continuity Institute (BCI). This distinguished recognition highlights our innovative approach to exercising business continuity, designed to rigorously and creatively test the Organization’s resilience and response capabilities across all functions.
The award reflects our commitment to developing forward-thinking exercise programs that go beyond traditional testing. Each simulation is designed to mirror realistic, high-impact scenarios that challenge teams to collaborate, adapt, and respond effectively under pressure. Through this program, we continue to strengthen our readiness, validate the performance of our continuity strategies, and enhance the overall resilience of the Organization.
Since 2020, solutions by stc has achieved and maintained ISO 22301 certification, reaffirming our dedication to establishing, implementing, and continuously improving a comprehensive Business Continuity Management System (BCMS). This certification, reviewed annually, ensures that we remain fully prepared to respond to and recover from any form of disruption, protecting our people, operations, and stakeholders.
solutions by stc has also maintained ISO 22320 certification since 2022, reflecting our commitment to effective incident and emergency management. The certification is reviewed annually to ensure adherence to best practices in communication, coordination, and resource allocation during crises. It reinforces our ability to manage incidents efficiently while maintaining clarity, control, and confidence throughout the Organization.
Every year, solutions by stc conducts a comprehensive crisis simulation exercise involving senior leadership. These high-level simulations are designed to test and refine real-time response strategies, ensuring that Executives and Management teams are equipped to make decisive, informed decisions under pressure. This annual exercise strengthens organizational coordination, reinforces accountability, and ensures a unified response during potential crises.
To embed a culture of preparedness across the Organization, solutions by stc runs an ongoing program of training, awareness, and practical exercises focused on Business Continuity Management (BCM). Regular workshops, drills, and simulations are conducted to build employee knowledge, reinforce readiness, and ensure that every team member understands their role in maintaining continuity. This commitment to continuous learning ensures that resilience remains a shared responsibility across all functions.