An independent assessment that combines the Qiyas score with an operational maturity layer, so leadership gets a clear read and a roadmap they can actually run.
The DGA assessment scores each standard on one of four states — full compliance, partial, non-compliance, or not applicable. Precise and necessary, but it doesn't answer the question a director general asks in the first meeting: which maturity stage are we in? That is where the SAHM layer comes in. We take the Qiyas output and place the entity on a five-stage ladder: foundations, standardisation, application, measurement, continuous improvement. Entities that worked with us on this layer before the formal verification raised their score by 15 to 25%.
We sit with leadership before any paperwork: scope, expectations, constraints, and who actually owns the decision inside the entity.
We request documents, reports, and systems for every perspective with a checklist that names each item and its reference, so your team is not guessing what we need.
Structured interviews with each perspective owner, then we rate each of the 89 standards against the DGA four states. No flattering.
We translate standard-level results into a position on the five-stage operational maturity ladder — this layer is SAHM's, not part of Qiyas.
A detailed report, a remediation map, and a leadership deck in both languages — handed over in a meeting, not by email.
A methodology built directly off V5.0, line by line, run by a Saudi team that has sat in live verification rooms — not just training workshops. We know what the reviewer looks for before the file is even open.
A bilingual report that goes to the board as-is: compliance rating per standard, position on the maturity ladder, prioritised gap map, and a remediation plan with effort costed in person-days.
No bias toward any tech vendor and no back-channel commissions. The recommendation serves your entity, not a software seller.
No. Qiyas rates each standard against one of four compliance states. It has nothing to do with CMMI tiers. Our assessment is a reading layer on top of the Qiyas results that translates them into operational maturity language a CEO can act on.
Because "partial compliance on 5.16.1" is not a sentence you put in front of a director general. Leadership needs to hear: we are in standardisation, we need 14 months and X budget to reach application. That is what the layer produces.
Readiness is a half-day conversation that gives you a broad picture. The maturity assessment is 3 to 6 weeks of fieldwork across all 89 standards ending in a leadership-grade report. Start with readiness if you are not sure the spend is worth it.
Not at all. The formal verification stays with the DGA and it remains the mandatory one. Ours is preparation work, run before the reviewer arrives, designed to find what the reviewer will find before they find it.
Depends on entity size and how thin the existing evidence is. The number you pay for an independent pre-assessment is well below what you pay for a formal cycle that comes back with correction requests.
Yes. National companies use the Qiyas framework as an internal benchmark even when they are not required to. We adapt the methodology to the entity's actual line of work and sector.
Every week you delay the independent assessment is a week shaved off the remediation window before the formal cycle. Start with a short call and we'll agree the scope and timeline.
Back to all services
