GCC Build OSv0

Group SOC model — extend KSA SOC, MSSP, or net-new India SOC
it.decisions.d08

P0 G

Summary

Critical security capability decision. Decision owner (sheet): CISO + IT Head. Sheet target: Wk 3.

Rationale prompt skeleton

Capture the rationale for this decision. Sheet-recorded justification: "Critical security capability decision." Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.

Default options (3)

extend_ksa_soc Extend KSA SOC to group

KSA SOC absorbs India + other subsidiaries.

Pros
  • + Single pane
  • + Reuse existing investment
Cons
  • − Capacity to scale
  • − Cross-tenant residency review

mssp MSSP-led

Third-party managed SOC across the group.

Pros
  • + No capex
  • + 24x7 by design
Cons
  • − Vendor lock-in
  • − Less context on internal env

net_new_india_soc Net-new India SOC

Build a dedicated India SOC inside the GCC.

Pros
  • + Sovereign capability
  • + Closer to GCC ops
Cons
  • − Heaviest investment
  • − Slowest to stand up

Default approval chain

  1. Admin
  2. ExecutiveViewer

Linked evidence questions (4)

id | prompt | workstream
it.identity_security.q07 | SIEM platform (Sentinel, Splunk, QRadar, Chronicle, none). SOC — in-house, MSSP, hybrid. Log sources connected. Avg time-to-detect / time-to-respond if known. | it.identity_security
it.identity_security.q12 | IR runbook and on-call rotation. Last incident (description, impact, lessons-learned). Cyber insurance — carrier and coverage. | it.identity_security
it.identity_security.q16 | How are cybersecurity responsibilities currently managed — dedicated CISO, fractional, MSSP, none? Per-subsidiary or group? | it.identity_security
it.identity_security.q20 | Are there areas where cybersecurity visibility is currently limited — log coverage gaps, unmonitored assets, no SOC for some subsidiaries? | it.identity_security