Human Resources Policy
1- General Requirements:
- Cybersecurity requirements related to employees must be defined.
- Positions related to sensitive systems at King Saud University must be occupied by citizens with the necessary qualifications.
- Cybersecurity controls related to human resources must be implemented throughout the employee lifecycle at King Saud University, which includes the following stages:
  - Before hiring
  - During employment
  - Upon termination or expiration of employment
- Employees at King Saud University must understand their job roles, conditions, and responsibilities related to cybersecurity, and agree to them.
- Cybersecurity responsibilities and confidentiality clauses (non-disclosure agreement) must be included in the contracts of employees at King Saud University (to cover during and after the end/termination of the employment relationship with King Saud University).
- Violations related to cybersecurity must be included in the list of human resources violations at King Saud University.
- Access to employee information without prior authorization is prohibited.
- Key performance indicators (KPIs) must be used to ensure the continuous development of cybersecurity requirements related to human resources.
2- Pre-employment:
- Employees must commit to adhering to cybersecurity policies before being granted access to King Saud University systems.
- All King Saud University employees and users of King Saud University information must sign an appropriate confidentiality agreement (such as an employee security manual) or non-disclosure agreement at the time of joining/participating, as part of their contract. This agreement must specifically require the employee to comply with all applicable cybersecurity policies, procedures, standards, and guidelines.
- Employees’ roles and responsibilities must be clearly defined, taking into account the principle of avoiding conflicts of interest.
- Employees’ roles and responsibilities related to cybersecurity must be specified within their job descriptions.
- Cybersecurity roles and responsibilities must include the following:
  - Protecting all King Saud University assets from unauthorized access or sabotage.
  - Carrying out all required cybersecurity-related activities.
  - Complying with King Saud University’s cybersecurity policies and standards.
  - Adhering to the cybersecurity awareness enhancement program.
- Security screening must be conducted for employees working in cybersecurity positions, technical positions with critical and sensitive privileges, and positions related to sensitive systems.
- Contracted employees or external parties visiting sensitive areas must be required to sign a confidentiality or non-disclosure agreement, as applicable.
- When employees are provided through external parties, the contract must define the external party’s responsibilities regarding employee background checks and cybersecurity requirements.
3- During Employment:
- An awareness program must be provided periodically to enhance cybersecurity awareness, including cybersecurity policies and standards.
- The Human Resources Department must notify the concerned departments of any changes in employees’ roles or responsibilities to enable the necessary actions regarding access privilege revocation or modification.
- Compliance with human resources-related cybersecurity requirements must be ensured.
- Cybersecurity compliance must be included as part of employee performance evaluations.
- The principle of “need-to-know” must be applied when assigning tasks.
- Formal disciplinary actions related to cybersecurity must be taken in accordance with the policies, procedures, guidelines, and directives of Human Resources Security.
- The disciplinary process must provide a graduated response that takes into account influencing factors such as the nature and severity of the cybersecurity incident, its business impact, recurrence, and whether the violator had received proper training.
- All relevant King Saud University departments must take adequate precautions to separate employees’ duties in order to minimize opportunities for unauthorized access, alteration, or misuse of information.
- Department managers at King Saud University must be aware of their employees’ personal circumstances and remain attentive to any behavioral changes that could lead to a security breach or violation.
- Department managers at King Saud University, in cooperation with the Human Resources Department, must ensure the availability of sufficient workforce and skills as a contingency for critical roles and operations.
4- End of Service or Termination:
- End-of-service or termination procedures must be defined to cover cybersecurity requirements.
- The Human Resources Department must notify the concerned units when an employment relationship is nearing its end or being terminated, in order to take the necessary actions.
- All King Saud University assets must be returned, and employees’ access privileges revoked, on their last working day and prior to receiving the necessary clearance.
- Responsibilities and obligations that remain in effect after the termination of service at King Saud University—such as confidentiality agreements—must be clearly defined and included in all employment contracts.