🇸🇦 Live Food Safety & Manufacturing

NCA Operational Technology Cybersecurity Controls (OTCC-1:2022)

NCA cybersecurity controls for operational technology and industrial control systems covering asset management, network security, and incident response. Applies to OT operators in Saudi Arabia.

23

Rules extracted

169

Obligations decomposed

7.3x

Avg obligations per rule

🇸🇦 Saudi Arabia

Jurisdiction

What AuditDSS covers

Source

1

Regulation

Extracted

23

Rules

Decomposed

169

Obligations

7.3x

Decomposition ratio

Each rule is decomposed into an average of 7.3 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 169 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in OTCC-1:2022 is scored across independent risk dimensions:

W

Obligation Weight

How critical within the regulatory framework

L

Violation Likelihood

How often breached in practice

E

Enforcement Evidence

Regulator enforcement history and penalties

C

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title
NCA Operational Technology Cybersecurity Controls (OTCC-1:2022)
Regulatory body
National Cybersecurity Authority
Jurisdiction
🇸🇦 Saudi Arabia
Document type
regulation
Effective date
January 1, 2022
Industry
Food Safety & Manufacturing

Who this applies to

government organizationscritical national infrastructure operatorsindustrial control system operators

Key requirements

  • 4 main domains
  • 23 subdomains
  • 47 main controls
  • 122 subcontrols
  • 3 criticality levels
  • OT/ICS protection
  • network segmentation
  • SIS protection

Frequently asked questions about OTCC-1:2022

What is OTCC-1:2022?
NCA cybersecurity controls for operational technology and industrial control systems covering asset management, network security, and incident response. Applies to OT operators in Saudi Arabia.

Who does OTCC-1:2022 apply to?
OTCC-1:2022 applies to government organizations, critical national infrastructure operators, industrial control system operators.

How many obligations does OTCC-1:2022 contain?
AuditDSS has decomposed OTCC-1:2022 into 169 atomic obligations from 23 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of OTCC-1:2022?
The key requirements include: 4 main domains, 23 subdomains, 47 main controls, 122 subcontrols, 3 criticality levels, OT/ICS protection, network segmentation, SIS protection.

How can I assess my OTCC-1:2022 compliance?
Upload your compliance policy to AuditDSS. The platform maps your document against all 169 OTCC-1:2022 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces OTCC-1:2022?
OTCC-1:2022 is enforced in Saudi Arabia by National Cybersecurity Authority.

When did OTCC-1:2022 come into effect?
OTCC-1:2022 became effective on January 1, 2022.

What industry does OTCC-1:2022 apply to?
OTCC-1:2022 is primarily relevant to the Food Safety & Manufacturing industry. AuditDSS covers 61 regulations in this industry sector.

Build a OTCC-1:2022 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for OTCC-1:2022 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering OTCC-1:2022 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine OTCC-1:2022 with other regulations into a single unified compliance pack for your business.

Build OTCC-1:2022 compliance pack

Already have a policy? Assess it against OTCC-1:2022

1

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2

AI maps against 169 obligations

Your document is scored against every obligation in OTCC-1:2022. Each claim is mapped to the obligation tree and evaluated for coverage.

3

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Related regulations in Food Safety & Manufacturing

🇦🇺 Live

ACL

13 rules, 211 obligations
🇦🇺 Live

Biosecurity Act 2015

12 rules, 188 obligations
🇦🇺 Live

AU Climate Disclosure

10 rules, 52 obligations
🇦🇺 Live

EPBC Act

16 rules, 153 obligations
🇦🇺 Live

Export Control Act 2020

15 rules, 206 obligations
🇦🇺 Live

Fair Work Act 2009

16 rules, 260 obligations
🇦🇺 Live

Food Standards Code

21 rules, 119 obligations
🇦🇺 Live

FSANZ Food Safety Management Standard 3.2.2A

10 rules, 150 obligations

Assess your OTCC-1:2022 compliance

Upload your document and get a risk-scored gap analysis against 169 OTCC-1:2022 obligations in under 5 minutes.

Start assessment Browse all regulations