Streamlining Compliance for Nahdi Medical Company with NIST CSF, NCA ECC, and ISO 22301

A case study on how document automation, technical integrations, and automated risk assessments helped Nahdi Medical Company comply with the NIST Cybersecurity Framework (CSF), ISO 22301, and NCA ECC in no time.

About Nahdi Medical Company

Nahdi Medical Company is one of the largest pharmacy-led retailers in the Kingdom of Saudi Arabia. With roughly 6,000 employees and over 1,150 pharmacies serving more than 140 cities and towns around the Kingdom, Nahdi strives to provide a healthier future for communities. Nahdi has always embraced the advances that technology can help bring to life. Significant investments in Nahdi’s digital capabilities, particularly cloud computing, omnichannel, and data & analytics, support the omnihealth Guest experience.


Location: Jeddah, Kingdom of Saudi Arabia (KSA)


Industry: Healthcare

The Challenge

As a company working within the healthcare industry, Nahdi has to ensure compliance with multiple information security, cyber security, and business continuity standards, including NIST CSF, NCA ECC, and ISO 22301.

Nahdi chose to implement the CyberArrow GRC Tool because it included all the local as well as international standards that they had to comply with. At the same time, Nahdi wanted a platform that is easy to navigate and does not overwhelm users with information that isn’t required to ensure compliance.

The Solution

Nahdi chose to go with CyberArrow for its ease of use, the cross-mapping between local and international standards, the auditor pre-approved document automation, and the automated risk assessments and KPI dashboards. The company felt confident that CyberArrow could help them automate compliance fast while allowing them to continue focusing on their core business.

  • With CyberArrow’s document automation, Nahdi achieved compliance fast.
  • Once one standard has been implemented, it cross-maps to other standards and implements identical controls across all standards, eliminating the need for double work.
  • The technical integrations automatically gather evidence and enable compliance with NIST CSF, NCA ECC, and ISO 22301 without additional manual work. 
  • The Third-Party risk module has helped Nahdi to assess over a hundred vendors in no time. 
  • The company is able to view its real-time security posture in report format using CyberArrow GRC.

What Does Nahdi Say About CyberArrow?

“After implementing CyberArrow GRC, we managed to automate most of our compliance activities in record time. Using the ready-made document automation as well as the other automation features enabled us to work cross-functionally in a seamless way and really enabled us to spend time on other important daily tasks. CyberArrow GRC does live up to its promise of being a powerful enterprise solution yet having all the features of a simple Compliance Automation solution.”
