Design
Solution Advisor + Command CenterConfigure solution scope, architecture, vendor fit, pricing, and proposal output.
A clean landing terminal for accessing NABDs.AI solution advisory, partner acceleration, unified command-center operations, roadmap planning, intelligence, investment screening, AI policy, and governance portals.
Solution Advisor and Unified Solution Command Center support deal and architecture decisions.
Partner Accelerator and Intelligence Platform structure ecosystem readiness and GTM focus.
Roadmap and AI Investment tools support FY26 priorities and market screening.
AI Policy and Governance Command Center support safe usage, control, and compliance.
Configure solution scope, architecture, vendor fit, pricing, and proposal output.
Validate partner maturity, GTM readiness, capability gaps, and ecosystem opportunities.
Track market signals, priority targets, FY26 build windows, and strategic initiatives.
Enforce safe AI usage, approved tools, monitoring, DLP, incident intake, and compliance.
This native section shows how AI Academy, AI for Enterprise, AI Platform, AI for Industry, and CoCreate interact to move demand from strategy into delivery, commercialization, innovation, and workforce enablement.
Core flow: AI for Enterprise → AI Platform → AI for Industry → Customer Value. AI Academy enables all functions. CoCreate continuously feeds innovation into the ecosystem.
Select one function at a time to show its responsibilities, inputs, outputs, interactions, and leader or IC expectations without mixing it with the other functions.
This section establishes NABDs.AI's internal policy baseline for safe, secure, ethical, and accountable AI usage across the company and the Cortex platform. It is written for employees, contractors, partners, delivery teams, product teams, healthcare teams, and leadership users operating in the Saudi market.
The policies are designed to support Saudi regulatory expectations, Saudi Personal Data Protection Law requirements, Saudi Data & Artificial Intelligence Authority ethics principles, National Cybersecurity Authority control expectations, healthcare governance needs, and Vision 2030 digital transformation priorities.
All abbreviated terms used in these policies are decoded below so policy users understand what each term means and why it matters.
This policy defines how NABDs.AI personnel may use AI responsibly, securely, and lawfully. It applies to internal work, customer work, Cortex platform usage, delivery activities, product development, and partner collaboration.
AI is approved as a productivity, research, development, and decision-support capability. AI must not be used to bypass human judgment, security review, clinical review, regulatory review, or leadership approval.
This policy classifies data and defines what information can be processed through AI systems. It protects NABDs.AI, customers, partners, employees, patients, public-sector stakeholders, and Cortex environments.
| Level | Meaning | AI handling rule | Examples |
|---|---|---|---|
| Public | Approved for public disclosure. | Allowed in approved AI tools and public AI systems if no other restriction applies. | Website content, public brochures, public press releases. |
| Internal | For NABDs.AI internal business use. | Allowed only in approved company AI environments. | Internal procedures, meeting notes, non-sensitive project plans. |
| Confidential | Could harm NABDs.AI or customers if disclosed. | Allowed only in approved secured NABDs.AI or customer environments with logging and access control. | Customer proposals, pricing, source code, roadmaps, contracts. |
| Restricted | Highly sensitive, regulated, or legally protected. | Blocked unless explicitly approved in a protected environment with governance approval. | National IDs, patient records, government restricted data, credentials, encryption keys. |
A prompt inherits the highest classification of the information included in it. If a prompt includes patient data, it becomes Restricted. If it includes a customer proposal, it becomes Confidential.
AI outputs inherit the highest classification from the input, knowledge source, and generated content. A summary of a confidential proposal remains Confidential even if the summary is short.
This policy defines security controls for AI systems, models, prompts, agents, APIs, integrations, knowledge bases, logs, and Cortex environments.
This policy ensures NABDs.AI AI systems are ethical, fair, transparent, accountable, explainable, safe, privacy-preserving, and aligned with Saudi-market expectations.
| Risk | Example | Required review |
|---|---|---|
| Low | Internal meeting summary. | Basic user review. |
| Medium | Customer support assistant. | Product and governance review. |
| High | Healthcare recommendation or government decision support. | SME, security, legal, governance, and business approval. |
| Critical | Autonomous public-service or clinical decision workflow. | Executive and governance approval; human decision remains mandatory. |
Healthcare AI must follow a “clinician in control” model. AI may summarize, recommend, analyze, and draft, but it must not independently diagnose, prescribe, or override licensed professionals.
AI may support analysis, workflow preparation, and citizen-service efficiency, but official decisions, public-sector submissions, and citizen-impacting determinations must remain under authorized human control.
This policy ensures AI outputs are checked before being used, distributed, or acted upon. AI outputs are draft intelligence until validated.
| Level | Output type | Validation required | Example |
|---|---|---|---|
| 1 Informational | Low-risk drafts. | Basic human review. | Brainstorming slogans. |
| 2 Operational | Internal business outputs. | Reviewer validation. | Project plan summary. |
| 3 Business Critical | Decision-support outputs. | SME review. | Financial forecast or proposal pricing logic. |
| 4 Regulated | Healthcare, government, compliance, security. | Qualified professional approval. | Clinical workflow recommendation. |
| 5 Mission Critical | Could cause significant harm if wrong. | Formal governance and executive review. | Autonomous public-service action. |
This policy governs how NABDs.AI designs, builds, tests, deploys, operates, changes, and retires AI systems, including Cortex capabilities, agents, models, workflows, and customer solutions.
This policy governs AI agents, multi-agent systems, autonomous workflows, digital workers, copilots, and Cortex orchestration capabilities that can perform actions or coordinate tasks.
| Level | Capability | Example | Approval |
|---|---|---|---|
| A0 | Read-only information assistant. | Answers questions from approved documents. | Product owner. |
| A1 | Recommendation agent. | Suggests next best action for a sales opportunity. | Product owner and governance review. |
| A2 | Workflow execution agent. | Creates service tickets or draft emails. | Security and governance review. |
| A3 | Multi-system orchestration agent. | Reads CRM, creates tasks, updates project status. | Architecture, security, governance approval. |
| A4 | Autonomous operational agent. | Coordinates command-center actions with human approval gates. | Executive and AI Governance Council approval. |
| A5 | Autonomous strategic agent. | Enterprise-scale multi-agent planning and execution. | Executive committee, risk committee, and governance approval. |
Human approval is mandatory for financial transactions, procurement approvals, clinical recommendations, official government submissions, legal determinations, user access changes, privilege elevation, and customer-impacting communications.
This section expands the NABDs.AI internal policy framework beyond security. It is written for internal employees, contractors, delivery teams, platform administrators, and approved partners using NABDs.AI and Cortex. The policies are designed for Saudi-market enterprise, healthcare, government, and Vision 2030-aligned use cases.
The infographic summarizes how the 22 NABDs.AI governance policies connect across Foundation, Compliance, Cortex Governance, Operations, Healthcare & Government, and Enterprise Assurance domains.
Click the image to view the full framework.
Establishes how NABDs.AI creates, stores, protects, retains, archives, and disposes of AI-related records, including prompts, outputs, approvals, agent logs, model records, incidents, and audit evidence.
This policy applies to all NABDs.AI employees, contractors, partners, Cortex administrators, AI product teams, customer delivery teams, and any system that creates or stores AI-related records.
Cortex should include retention labels, legal hold capability, immutable audit logs, approval history, exportable evidence packages, and automated deletion workflows based on classification.
Supports Saudi Personal Data Protection Law expectations around data lifecycle management and accountability, and helps demonstrate evidence readiness for ministries, healthcare organizations, and regulated enterprises.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Defines how Cortex is governed as a controlled enterprise AI platform, including ownership, tenancy, access, releases, configuration, integrations, and operational responsibilities.
Applies to all Cortex environments, including internal NABDs.AI use, customer deployments, healthcare deployments, government deployments, pilots, sandboxes, and production tenants.
Cortex should provide tenant isolation, admin role separation, configuration baselines, environment promotion controls, release logs, privileged access review, and customer-specific governance dashboards.
Supports sovereign AI expectations in Saudi Arabia by demonstrating controlled platform administration, separation of customer environments, and governance traceability.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Controls the selection, approval, use, monitoring, versioning, and retirement of AI models used by NABDs.AI and Cortex.
Applies to commercial models, open-source models, fine-tuned models, embedded models, classification models, generative models, and any model used in production or customer-facing workflows.
Cortex should include a model registry, model risk scoring, approved model list, version controls, rollback capability, performance monitoring, and model retirement workflows.
Supports Saudi market trust by showing customers that NABDs.AI does not use uncontrolled or unknown models for regulated, healthcare, or government workloads.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Defines how enterprise knowledge, documents, data sources, vector stores, and Retrieval Augmented Generation workflows are governed.
Applies to all Cortex knowledge bases, document uploads, indexed repositories, embeddings, vector databases, search connectors, and context sources used by AI systems.
Cortex should enforce access-aware retrieval, source attribution, document lineage, vector-store isolation, content freshness checks, approval workflows, and knowledge quality scoring.
Supports Saudi regulated-sector deployments where customers expect data sovereignty, source control, reliable retrieval, and no cross-customer data exposure.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Ensures that AI vendors, model providers, data providers, software platforms, cloud services, and external tools are evaluated before purchase or use.
Applies to procurement, contracting, pilots, subscriptions, open-source adoption, vendor integrations, and partner-provided AI capabilities.
Cortex should maintain an approved vendor registry, vendor risk status, permitted use cases, contract restrictions, and automated blocking of unapproved AI services where possible.
Supports procurement confidence for Saudi ministries and enterprises by showing structured third-party governance, not ad hoc tool adoption.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Defines how risks from third-party AI providers, APIs, plugins, connectors, agents, datasets, and infrastructure services are identified, assessed, monitored, and remediated.
Applies to any external dependency that supports NABDs.AI AI systems or Cortex workloads.
Cortex should include provider health monitoring, connector permission governance, third-party risk dashboards, integration logs, and emergency disable controls.
Supports Saudi sovereign and regulated AI expectations by reducing dependency risk and proving external providers are actively governed.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Establishes mandatory AI literacy, responsible AI training, security awareness, and role-based certification for users of AI systems.
Applies to employees, contractors, consultants, partners, administrators, developers, data scientists, product teams, sales teams, and executives.
Cortex should include training assignments, acknowledgement tracking, policy quizzes, role-based learning paths, certification status, and access gating based on completion.
Supports Saudi workforce enablement and Vision 2030 capability-building by making responsible AI adoption part of the operating model.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Defines patient safety, clinical oversight, validation, privacy, accountability, and explainability requirements for AI used in healthcare contexts.
Applies to healthcare command centers, clinical decision support, population health analytics, hospital operations, patient communications, medical summarization, and healthcare AI agents.
Cortex should provide clinical review workflows, patient-data controls, role-based access, source traceability, explainability, clinical risk scoring, and human approval gates.
Supports Saudi healthcare transformation while respecting patient safety, privacy, and clinical accountability expectations.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Defines governance for AI systems used with ministries, municipalities, public services, smart cities, government data, and citizen-facing workflows.
Applies to all public sector engagements, government pilots, sovereign AI deployments, citizen services, public dashboards, and ministry-facing Cortex tenants.
Cortex should support sovereign deployment options, ministry-specific tenant controls, citizen-data protections, public-sector audit logs, and approval workflows.
Aligns NABDs.AI with Saudi public-sector expectations for sovereignty, citizen trust, transparency, and accountability.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Establishes a structured process for identifying, assessing, treating, accepting, monitoring, and reporting AI risks across NABDs.AI and Cortex.
Applies to all AI initiatives, models, agents, products, pilots, customer deployments, and internal AI use cases.
Cortex should include risk scoring, risk registers, control mapping, mitigation tracking, exception management, and executive risk dashboards.
Supports enterprise and government buyer confidence by showing mature AI risk governance aligned with international and Saudi expectations.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Defines how NABDs.AI identifies, reports, triages, investigates, remediates, and learns from AI-related incidents.
Applies to incidents involving AI outputs, model behavior, privacy, hallucinations, bias, unsafe recommendations, agent misuse, data leakage, or compliance failures.
Cortex should include incident intake, severity scoring, prompt/output preservation, agent suspension, evidence export, remediation workflow, and incident dashboards.
Supports trust with Saudi healthcare, government, and enterprise customers by proving NABDs.AI can detect and respond to AI failures responsibly.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Establishes audit, assurance, evidence collection, control testing, and reporting requirements for NABDs.AI AI governance.
Applies to AI policies, Cortex controls, model governance, agent governance, data handling, security, privacy, output validation, and customer commitments.
Cortex should provide audit evidence packs, control dashboards, approval records, immutable logs, compliance mappings, and exportable reports.
Helps NABDs.AI compete in Saudi regulated sectors where ministries, hospitals, and enterprises require auditability before adopting AI platforms.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Defines how NABDs.AI maintains AI service continuity during model outages, provider failures, cyber incidents, data unavailability, infrastructure disruption, or agent malfunction.
Applies to Cortex, customer AI deployments, internal AI tools, critical agents, model providers, knowledge repositories, and integrations.
Cortex should include failover models, backup knowledge stores, degraded-mode operation, agent kill switches, disaster recovery logs, and service health dashboards.
Supports Saudi enterprise and government readiness by proving AI capabilities can remain reliable, controlled, and recoverable during disruptions.
Violations may result in access suspension, governance escalation, remediation requirements, disciplinary action, contract remedies, or regulatory notification where required.
Purpose: Strategic oversight, policy approval, enterprise risk management, regulatory alignment, and executive accountability.
| Role | Responsibilities | Decision Authority |
|---|---|---|
| Chief Executive Officer (CEO) | Executive sponsorship and strategic direction | Final approval for critical AI initiatives |
| Executive Leadership Team (ELT) | Business alignment and investment prioritization | Strategic decisions |
| AI Governance Council | Enterprise AI oversight | Policy and governance decisions |
| Risk & Compliance Committee | Regulatory and compliance oversight | Risk acceptance and compliance decisions |
| Governance Body | Primary Owner | Core Responsibilities |
|---|---|---|
| AI Governance Council | Chief AI Officer | Policies, approvals, exceptions, high-risk AI reviews |
| Data Governance Council | Chief Data Officer | Data classification, quality, retention, PDPL compliance |
| Security & Trust Council | Chief Information Security Officer (CISO) | AI security, threat management, incident review |
| Cortex Governance Office | Cortex Platform Owner | Model, Agent, Prompt, and Knowledge Governance |
| Role | Accountability |
|---|---|
| Platform Executive Sponsor | Platform strategy, investment, roadmap |
| Cortex Platform Owner | Operations, release management, service quality |
| Cortex Governance Office | Agent Registry, Model Registry, Prompt Registry, Knowledge Registry |
| Board | Owner | Responsibilities |
|---|---|---|
| Clinical AI Governance Board | Healthcare Governance Lead | Patient safety, clinical validation, healthcare AI approvals |
| Public Sector AI Governance Board | Public Sector Governance Lead | Sovereign AI, ministry deployments, citizen-impact reviews |
| Governance Area | Accountable | Responsible | Consulted | Informed |
|---|---|---|---|---|
| AI Policies | AI Governance Council | Governance Office | Legal, Security | Executive Team |
| Data Governance | Chief Data Officer | Data Governance Team | Security, Legal | Business Units |
| AI Security | CISO | Security Operations | Architecture | Executive Team |
| Cortex Platform | CTO | Platform Owner | Security, Product | Governance Council |
| Healthcare AI | Clinical Governance Board | Healthcare AI Team | Compliance | Executive Team |
| Government AI | Public Sector Governance Board | Delivery Team | Security, Legal | Executive Team |
CEO │ ├── Executive Leadership Team ├── AI Governance Council │ ├── Data Governance Council │ ├── Security & Trust Council │ ├── Cortex Governance Office │ │ ├── Agent Governance │ │ ├── Model Governance │ │ ├── Prompt Governance │ │ └── Knowledge Governance │ ├── Clinical AI Governance Board │ └── Public Sector AI Governance Board └── Risk & Compliance Committee
This landing page is intended for authorized NABDs.AI, Ascend, and approved partner stakeholders. Treat datasets, partner scoring, policy outputs, and governance dashboards as confidential operating assets.
Compact portal summary.