2026 KSA Compliance Guide

GRC in Saudi Arabia | SAMA TGF · NCA ECC · VAT · ESG Vision 2030 · GRC Software Guide | Sahl
The Definitive KSA GRC Guide · 2025

GRC in Saudi Arabia:
Everything KSA Enterprises Need to Know

From SAMA and NCA ECC to VAT compliance, ESG Vision 2030 reporting, and how to choose the right GRC software — the complete reference for governance, risk, and compliance in the Kingdom.

Trusted by Saudi enterprises across

Banking
Insurance
Fintech
Healthcare
Government
Telecoms
Energy
Chapter 1

What is GRC — and Why It’s Critical for KSA Enterprises

Governance, Risk & Compliance is not a buzzword — it’s the strategic backbone of every well-run Saudi organisation operating in a high-scrutiny regulatory environment.

GRC Defined: The Three Pillars

Governance (G)
Policies, accountability structures, and decision-making frameworks that align operations with strategic objectives.

Risk (R)
Identifying, assessing, and mitigating threats — operational, cyber, financial, and reputational — before they materialise.

Compliance (C)
Meeting regulatory obligations — SAMA, NCA, PDPL, ZATCA — with auditable evidence and continuous monitoring.

  • Unifies strategy, risk, and regulatory requirements into one framework
  • Eliminates siloed compliance and redundant audit efforts
  • Builds stakeholder and regulator trust in your operations

Regulatory Complexity in KSA

Saudi enterprises face an unusually dense regulatory stack: SAMA, NCA ECC, PDPL, ZATCA, CMA guidelines, and Vision 2030 mandates — often simultaneously and with overlapping requirements.

5+ active frameworks Multi-regulator

Cost of Non-Compliance

Regulatory penalties in KSA are steep. NCA violations can result in operational suspension. SAMA breaches carry financial penalties. ZATCA fines can reach 100% of unpaid VAT. PDPL violations: up to SAR 5 million.

Up to SAR 5M fines License risk

Vision 2030 Accelerating Demand

Saudi Arabia’s economic transformation is bringing billions in foreign investment — and with it, international compliance expectations around ESG, data privacy, cybersecurity, and financial governance.

SAR 1T+ investments ESG mandated

Manual GRC is Unsustainable

Spreadsheet-based compliance programs fail at scale. KSA enterprises managing SAMA + NCA + PDPL manually spend an average of 6–9 months per audit cycle — compared to 4–6 weeks with an integrated GRC platform.

70% time savings AI-powered

🇸🇦 KSA GRC Landscape at a Glance

7+
Active Saudi regulatory frameworks enterprises must navigate
SAR 5M
Maximum PDPL fine for data privacy violations per incident
2030
Vision 2030 deadline driving ESG and governance transformation
65%
of Saudi enterprises report compliance as a top-3 operational risk
Chapter 2

SAMA Technology Governance Framework — Key Requirements & Who It Applies To

The Saudi Central Bank’s Technology Governance Framework is the primary IT and cybersecurity governance mandate for every SAMA-regulated financial institution in the Kingdom.

  • 1. Technology Strategy & Governance

    SAMA requires documented IT governance structures, a Technology Strategy aligned to business objectives, and a Board-approved Technology Risk Appetite — with annual review cycles.

  • 2. Cybersecurity Management

    Entities must implement a Cybersecurity Framework consistent with NCA ECC, with appointed CISOs, incident response programs, and annual penetration testing across critical systems.

  • 3. Third-Party & Vendor Risk (TPRM)

    All technology vendors must undergo due diligence, risk assessment, and ongoing monitoring. Cloud service providers must meet NCA and SAMA data residency requirements — data must reside within KSA borders.

  • 4. Business Continuity & Disaster Recovery

    SAMA mandates Business Impact Analysis (BIA), tested BCP and DR plans, with Recovery Time Objectives (RTOs) defined per criticality — documented and submitted during regulatory examinations.

  • 5. Technology Risk Management

    A structured Technology Risk Register must be maintained, with risk treatment plans, risk acceptance workflows, and quarterly reporting to senior management and the Board Risk Committee.

  • 6. Technology Audit & Assurance

    Internal Audit must include technology audit capabilities, with annual audits of critical IT systems and findings remediated within SAMA-prescribed timeframes.

Who does SAMA TGF apply to?

  • Commercial banks and investment banks licensed by SAMA
  • Insurance and reinsurance companies (SAMA-regulated)
  • Finance companies and consumer lending institutions
  • Payment service providers and fintech operators (STC Pay, etc.)
  • Money changers and remittance operators
  • Entities outsourcing critical IT functions to third parties

SAMA TGF: 5 Core Domains

The SAMA Technology Governance Framework is structured across five governance domains that together cover the full lifecycle of technology risk and compliance in regulated financial entities.

Technology Strategy · IT Operations · Cybersecurity · Third-Party Risk · Business Continuity · Technology Risk · Audit & Assurance · Data Management

⚠️ SAMA Examination Process

SAMA conducts on-site and off-site regulatory examinations. Entities must maintain a compliance evidence pack — control test results, audit reports, board minutes, vendor agreements — ready for examination at any time. Non-compliance findings are escalated to corrective action plans with firm deadlines.

How Sahl Automates SAMA TGF Compliance

✓ Pre-built SAMA TGF control library — 150+ controls mapped and ready
✓ Automated evidence collection from your tech stack and vendors
✓ SAMA examination-ready reports generated in Arabic and English
✓ TPRM module for vendor due diligence and ongoing monitoring
✓ BCP/DR tracking with RTO/RPO documentation workflows
Chapter 3

NCA Essential Cybersecurity Controls — Obligations & Enforcement

The National Cybersecurity Authority’s ECC framework is Saudi Arabia’s foundational cybersecurity standard — mandatory for government entities and strongly recommended for all critical sector organisations.

01 Cybersecurity Governance

Establishing a cybersecurity program with defined roles, policies, and Board-level accountability. Requires an appointed Chief Information Security Officer (CISO) and a Cybersecurity Policy approved by senior leadership.

📋 22 Controls

02 Cybersecurity Defence

Technical controls covering asset management, network security, access control, vulnerability management, malware protection, and endpoint security — all mapped to international standards including ISO 27001 and NIST CSF.

📋 34 Controls

03 Cybersecurity Resilience

Business continuity and disaster recovery for cyber incidents — including incident response plans, cyber crisis management, and recovery time objectives for critical national infrastructure services.

📋 18 Controls

04 Third-Party & Cloud Security

Controls for managing cybersecurity risks from vendors, cloud providers, and outsourced services. Cloud deployments must meet NCA data localisation requirements — sensitive government data must reside in KSA.

📋 22 Controls

05 Industrial Control Systems

Specific cybersecurity requirements for operational technology (OT) environments, SCADA systems, and industrial control systems — critical for Saudi energy, utilities, and manufacturing sectors.

📋 18 Controls

📌

NCA ECC Summary

Total framework: 5 domains, 114 controls. Annual self-assessment mandatory. NCA conducts spot audits and shares findings with sector regulators including SAMA and the Communications & Space Commission.

114 Total Controls

NCA Enforcement & Penalties

NCA has formal enforcement powers under the Cybersecurity Law. Non-compliant entities face written warnings, operational restrictions, and referral to the Public Prosecution for serious breaches. Government entities that fail NCA assessments face budget and procurement restrictions. Private sector entities in critical sectors (energy, finance, health, telecoms) face increasing scrutiny — with NCA publishing sector-wide compliance rates annually.

Who Must Comply with NCA ECC?

Government Ministries
State-Owned Enterprises
Banks & Finance
Telecoms & ISPs
Energy & Utilities
Healthcare Systems
Transport & Logistics
Defence Contractors
Water Infrastructure
Chapter 4

VAT & ZATCA Compliance — Integration with GRC Platforms

Saudi Arabia’s 15% VAT regime under ZATCA and the mandatory FATOORAH e-invoicing system are not just financial obligations — they’re enterprise governance and technology compliance requirements.

Why VAT Belongs in Your GRC Program

Most enterprises treat VAT compliance as a finance-only function. But ZATCA’s Phase 2 e-invoicing (FATOORAH) mandates deep integration between ERP systems, data governance, and cybersecurity controls — placing VAT squarely in the GRC domain. Audit trails, data integrity, and access controls are all relevant.

Key VAT Compliance Risks for KSA Enterprises

FATOORAH Phase 2 Non-Compliance

Phase 2 e-invoicing requires real-time submission to ZATCA’s FATOORAH platform. Failures in system integration, data formats, or cryptographic signing can trigger an immediate ZATCA audit.

Record-Keeping Violations

ZATCA requires VAT records to be retained for 6 years and accessible for audit within 48 hours of a request. Inadequate document management systems create audit risk and potential fines of 5–25% of unpaid VAT.

Input Tax Credit Errors

Incorrect input VAT recovery is a leading cause of ZATCA penalties. GRC platforms that link procurement controls to VAT posting rules catch errors before they reach the return.

Cross-Border Transaction Risk

Export declarations, zero-rating documentation, and reverse charge compliance for imported services require documented controls — a natural fit for an integrated GRC evidence framework.

VAT Compliance Integrated into GRC — How it Works

1. Map VAT Controls to GRC Framework

Link ZATCA obligations (filing deadlines, e-invoicing, record retention) to control objectives within your GRC platform — creating a unified control registry.

2. Automate Evidence Collection

Pull VAT return submissions, FATOORAH e-invoicing logs, and ZATCA portal confirmations automatically into the GRC evidence repository as control proof.

3. Monitor Compliance in Real Time

Dashboard alerts for approaching VAT filing deadlines, FATOORAH transmission failures, and anomalies in VAT postings — before they become ZATCA findings.

4. Audit-Ready Documentation

Instant generation of ZATCA audit packs — invoices, returns, supporting documents, access control logs — in the format required for ZATCA field examinations.

5. Cross-Framework Control Reuse

VAT record-keeping controls overlap with PDPL data retention and NCA ECC audit log requirements — Sahl maps once and satisfies all three frameworks simultaneously.

💡 Sahl VAT + GRC Integration

Sahl’s ZATCA module integrates with SAP, Oracle, and Microsoft Dynamics ERP systems to pull VAT-relevant data, map it against control objectives, and flag deviations automatically — giving your finance and compliance teams a unified view of VAT risk.

Chapter 5

ESG Reporting in Saudi Arabia — Requirements under Vision 2030

Saudi Arabia’s Vision 2030 transformation has elevated ESG from voluntary best practice to a strategic governance imperative — with Tadawul-listed companies now subject to mandatory ESG disclosure requirements.

Environmental Reporting (E)

Saudi Arabia has committed to Net Zero by 2060 and 50% renewable energy by 2030. Listed companies must disclose carbon emissions (Scope 1, 2, 3), energy consumption, water usage, and climate risk exposure aligned with TCFD recommendations.

  • Carbon emissions disclosure (Scope 1–3)
  • Energy transition progress reporting
  • Water and waste management metrics
  • Climate risk scenario analysis (TCFD)
  • Renewable energy procurement tracking

Social Reporting (S)

Vision 2030’s Saudisation (Nitaqat) mandate requires enterprises to track and report Saudi national employment ratios. Social reporting also covers labour practices, health & safety, community investment, and supply chain ethics.

  • Saudisation (Nitaqat) ratio tracking
  • Gender diversity and inclusion metrics
  • Occupational health & safety rates
  • Employee training and development hours
  • Community investment and charitable giving

Governance Reporting (G)

CMA and Tadawul governance guidelines require disclosure of Board composition, executive compensation, anti-corruption policies, risk committee structures, and shareholder rights — aligned with OECD and GCC corporate governance codes.

  • Board independence and composition
  • Executive compensation disclosure
  • Anti-bribery and anti-corruption policies
  • Risk committee oversight structures
  • Whistleblower and ethics reporting

🇸🇦 Vision 2030 ESG Milestones

Saudi Arabia’s Vision 2030 programme sets explicit sustainability and governance targets that enterprise ESG reporting must track and demonstrate progress against — from carbon neutrality to economic diversification.

Net Zero 2060 · 50% Renewables 2030 · Giga-Projects ESG · Tadawul ESG Index · Nitaqat Compliance · NEOM Sustainability
2025
Mandatory ESG disclosure for all Tadawul main market companies
2030
50% renewable energy · 70% non-oil GDP · 1M new private sector jobs
2060
Saudi Arabia Net Zero — full carbon neutrality commitment

Recognised ESG Reporting Frameworks in KSA

GRI
Global Reporting Initiative — most widely used in KSA
TCFD
Climate Financial Disclosures — CMA-recommended
SASB
Sector-specific sustainability standards
UN SDGs
17 Sustainable Development Goals aligned to Vision 2030
Chapter 6

How to Evaluate & Choose GRC Software for KSA

Not all GRC platforms are built for Saudi Arabia’s unique regulatory landscape. Here are the criteria that matter most when evaluating GRC vendors as a KSA enterprise.

✓ Saudi-Specific Framework Coverage

Does the platform include pre-built, up-to-date frameworks for SAMA TGF, NCA ECC, PDPL, and ZATCA — not just generic ISO 27001? Avoid tools that require you to manually build KSA-specific frameworks from scratch; this defeats the purpose of automation.

✓ Arabic Language & Bilingual Support

Regulatory submissions and internal policies in KSA are often required in Arabic. Your GRC platform must support full bilingual operation — Arabic and English — for policies, reports, audit evidence packages, and the user interface itself.

✓ KSA Data Residency & Sovereignty

Both NCA ECC and SAMA TGF mandate that sensitive compliance data be hosted within the Kingdom of Saudi Arabia. Verify the vendor operates KSA-region cloud infrastructure (AWS Riyadh, Google Cloud Dammam, or on-premise) — not merely a UAE or Bahrain data centre.

✓ AI-Powered Evidence Collection & Automation

Manual evidence collection is the #1 GRC bottleneck. Look for AI automation that continuously collects, classifies, and maps evidence to controls across your entire tech stack — reducing audit preparation from months to weeks.

✓ Cross-Framework Control Mapping

KSA enterprises typically face 5–8 overlapping frameworks simultaneously. A mature GRC platform maps controls once and reuses evidence across SAMA, NCA, ISO 27001, PDPL, and ZATCA — eliminating redundant work and inconsistent compliance postures.

✓ Local Support & KSA Regulatory Expertise

Compliance interpretation in Saudi Arabia requires local regulatory expertise. Prioritise vendors with Riyadh-based support teams and partnerships with SAMA-certified and NCA-accredited consultants for escalation and guidance on regulatory changes.

✓ Scalability from SME to Enterprise

Whether you’re a 50-person fintech startup or a 5,000-employee financial institution, your GRC platform should scale without re-implementation. Look for modular pricing, phased onboarding, and configurable workflows for Saudi organisations of all sizes.

✓ Integrated Risk Management Module

Compliance without risk management is incomplete. Ensure the platform includes asset-based risk assessments, risk treatment plans, residual risk tracking, and risk appetite dashboards — configurable to SAMA TGF and ISO 27001:2022 requirements.

✓ Vendor Risk Management (TPRM)

SAMA and NCA both require documented third-party risk programs. Your platform should automate vendor assessments, track remediation, generate SAMA-ready TPRM reports, and monitor vendor compliance on an ongoing basis — not just at onboarding.

✓ ESG & Vision 2030 Reporting Built In

As Saudi ESG disclosure requirements tighten, your GRC platform should include a dedicated ESG module — tracking Saudisation ratios, carbon metrics, GRI/TCFD reporting, and CMA governance disclosures in a single integrated dashboard.

Key Questions to Ask GRC Vendors During Evaluation

  • Is your SAMA TGF framework pre-built and maintained by your team, or must we build it ourselves?
  • Where exactly is our compliance data hosted? Can you provide your KSA data residency certification?
  • Do you have Saudi-Arabic speaking support staff available during KSA business hours?
  • How do you handle NCA ECC framework updates when NCA issues new advisories or version changes?
  • Can you demonstrate cross-mapping between SAMA, NCA ECC, ISO 27001, and PDPL in your platform?
  • Do you have reference customers in the KSA financial services or government sector we can speak with?
  • What is your typical implementation timeline for a KSA financial institution from contract to audit-ready?
Chapter 7 — Sahl Platform

How Sahl Addresses Every KSA Compliance Challenge

Sahl is the first AI-powered GRC platform built from the ground up for the MENA region — designed specifically for Saudi Arabia’s regulatory complexity, Arabic language requirements, and Vision 2030 ambitions.

01

Instant Framework Mapping

Auto-align your controls across SAMA TGF, NCA ECC, ISO 27001, PDPL, SOC 2, ZATCA, and 30+ frameworks. AI-powered mapping eliminates cross-referencing duplication — map once, satisfy all.

SAMA · NCA · ISO
02

Real-Time Evidence Tracker

Continuously collect control status, compliance proof, and audit logs from your technology stack. Sahl integrates with 200+ tools — Jira, AWS, Azure, SAP, Splunk — to auto-populate your control library.

200+ Integrations
03

Vulnerability Scanner with Remediation

Scan your environment against NCA ECC, SOC 2, ISO, and PDPL controls with AI-generated remediation guidance — mapped to specific Saudi regulatory requirements, not generic security advice.

NCA ECC Aligned
04

Sahl Bot — AI GRC Specialist

Sahl Bot is your always-on AI compliance advisor — trained on Saudi law, SAMA guidance, NCA advisories, PDPL, ZATCA regulations, and international standards. Ask it anything, in Arabic or English.

Arabic + English
05

ESG & Vision 2030 Module

Generate GRI, TCFD, and CMA-aligned ESG reports automatically. Track Saudisation ratios, carbon emissions, and governance KPIs in a single dashboard — Tadawul disclosure-ready from day one.

Vision 2030 Ready
06

ZATCA / VAT Integration

Link FATOORAH e-invoicing compliance, VAT filing controls, and ZATCA audit requirements directly into your GRC framework — treating VAT compliance as a governance obligation, not just a finance task.

ZATCA Phase 2
FAQ

Frequently Asked Questions About GRC in Saudi Arabia

Common questions from KSA enterprises about GRC frameworks, compliance obligations, and the Sahl platform.

GRC stands for Governance, Risk & Compliance — the integrated framework that enables organisations to align business objectives with regulatory requirements, manage operational and cyber risks systematically, and demonstrate compliance to regulators and stakeholders. For KSA enterprises, GRC is critical because Saudi Arabia’s regulatory environment is one of the most demanding in the Gulf: SAMA, NCA ECC, PDPL, ZATCA, and Vision 2030 mandates all impose structured, auditable compliance obligations — with severe penalties including fines up to SAR 5 million and potential licence suspension for non-compliance.
The SAMA Technology Governance Framework (TGF) applies to all entities regulated by the Saudi Central Bank (SAMA), including: commercial and investment banks, insurance and reinsurance companies, finance companies and consumer lending institutions, payment service providers and licensed fintech operators (such as STC Pay and similar), money changers and remittance operators, and any entity that outsources critical technology functions to third-party providers. If you hold a SAMA licence of any kind, the TGF applies to your organisation in full.
The NCA ECC (Essential Cybersecurity Controls) is Saudi Arabia’s national cybersecurity framework issued by the National Cybersecurity Authority. It consists of 5 domains and 114 controls covering cybersecurity governance, defence, resilience, third-party security, and industrial control systems. Mandatory compliance applies to all Saudi government ministries, state-owned enterprises, and entities operating in critical national infrastructure sectors — including banking, telecommunications, energy, healthcare, water, and transport. Private sector entities in these sectors face increasing NCA audit scrutiny, and non-compliance can result in operational restrictions and referral to the Public Prosecution.
VAT compliance under ZATCA (Zakat, Tax and Customs Authority) integrates naturally with GRC because FATOORAH Phase 2 e-invoicing requires deep controls over data integrity, access management, and audit trails — the same disciplines that GRC governs. A GRC platform like Sahl maps ZATCA obligations (filing deadlines, record retention, e-invoicing controls) to your control framework, automates evidence collection from ERP systems, and generates audit-ready documentation packages. This approach treats VAT compliance as a governance obligation, surfacing risks earlier and dramatically reducing the manual effort of ZATCA field examination preparation.
Tadawul (Saudi Exchange) listed companies are subject to CMA ESG disclosure guidelines requiring annual sustainability reports. Expected frameworks include GRI Standards for general reporting, TCFD recommendations for climate risk disclosure, and alignment with Vision 2030 KPIs — including Saudisation (Nitaqat) ratios, renewable energy progress, carbon emissions, and governance structure disclosures. Saudi Arabia has also committed to Net Zero by 2060, driving upstream requirements on listed companies to begin tracking Scope 1, 2, and 3 emissions. Non-listed but large private enterprises are increasingly expected to disclose ESG performance as part of vendor qualification for government and giga-project contracts.
Yes, they overlap significantly. NCA ECC is the national cybersecurity baseline for all critical sector entities, while SAMA TGF is the technology governance framework specific to SAMA-regulated financial institutions. For a bank or insurance company regulated by SAMA, both frameworks apply simultaneously. The good news: approximately 60–70% of SAMA TGF cybersecurity controls can be satisfied by demonstrating NCA ECC compliance, and vice versa. A mature GRC platform like Sahl maps controls across both frameworks simultaneously, so evidence collected for NCA ECC automatically contributes to SAMA TGF compliance — eliminating duplication.
Implementation timelines vary by organisation size and scope, but with Sahl, most KSA enterprises reach an audit-ready compliance posture in 4–8 weeks for their primary framework — compared to 6–9 months with traditional consulting-led approaches. A typical Sahl implementation follows three phases: (1) Platform configuration and framework selection (1–2 weeks), (2) Control library import and gap assessment (2–3 weeks), and (3) Evidence collection automation setup and team training (1–2 weeks). Larger, multi-framework programmes for major banks may take 3–4 months, but even these are significantly faster than manual alternatives.
Yes. Sahl offers Saudi Arabia-region cloud hosting on AWS Riyadh infrastructure to meet NCA ECC and SAMA TGF data residency requirements. All compliance data — evidence, policies, risk registers, audit trails — is stored entirely within the Kingdom’s borders. We can also support on-premise deployment for organisations with stricter data sovereignty requirements. Sahl provides formal data residency attestation documentation suitable for SAMA examination packs and NCA assessments.
Fully. Sahl is built as a bilingual platform from the ground up — Arabic and English are first-class languages throughout the system. This includes the full user interface, policy templates (pre-built in both languages), audit report generation (Arabic and English simultaneously), Sahl Bot AI assistant (responds fluently in Arabic), and regulatory submission documents formatted to SAMA and NCA requirements. This is not a translation layer on an English platform — it is native bilingual design, reflecting Sahl’s origins as a MENA-first GRC platform.
Yes. Sahl includes a dedicated PDPL module covering all core obligations: data mapping and ROPA (Records of Processing Activities), Data Subject Rights (DSR) workflow management, Privacy Impact Assessments (PIAs), consent management, breach notification workflows, and Data Protection Officer (DPO) service support. Sahl Bot acts as a virtual DPO — providing 24/7 PDPL guidance and flagging compliance gaps. For organisations requiring a certified human DPO, Sahl partners with PDPL-certified consultants in KSA for hybrid virtual/human DPO arrangements.
Sahl is built for businesses of all sizes across the KSA market. Fast-growing Saudi fintech startups use Sahl to achieve SAMA licensing compliance and ISO 27001 certification in weeks. Mid-sized healthcare providers use it for PDPL and NCA compliance. Large banks and government entities use it to manage multi-framework, multi-entity compliance programmes at scale. Sahl’s modular architecture and flexible pricing mean you start with the frameworks and features you need today and expand as your compliance programme grows — without platform re-implementation.

Ready to Simplify GRC for Your KSA Enterprise?

Join 500+ Saudi organisations that have accelerated their compliance journey with Sahl’s AI-powered GRC platform. SAMA, NCA ECC, PDPL, ZATCA, ESG — all covered, all automated, all in one platform.

No credit card required · Arabic & English support · KSA data residency included · 4–6 weeks to audit-ready
