Sorry, you need to enable JavaScript to visit this website.

Human Resources Policy

 

General Terms:

·         The cybersecurity requirements related to employees must be defined.

·         The positions related to sensitive systems at King Saud University must be filled by qualified citizens.

·         Cybersecurity controls for human resources must be applied throughout the employee lifecycle at King Saud University, which includes the following stages:

-       Pre-employment

-       During employment

-       Upon termination of employment

·       Employees at King Saud University must understand their job roles, cybersecurity-related conditions and responsibilities, and agree to them.

·       Cybersecurity responsibilities and non-disclosure clauses must be included in contracts for employees at King Saud University (including during and after the termination of the employment relationship).

·       Cybersecurity violations must be included in King Saud University’s human resources violation list.

·       Accessing employee information without prior authorization is prohibited.

·       Key Performance Indicators (KPI) should be used to ensure the continuous development of cybersecurity requirements related to human resources.

 

Pre-employment:

·       Employees must commit to cybersecurity policies before being granted access to King Saud University’s systems.

·       All employees at King Saud University and users of King Saud University’s information must sign an appropriate confidentiality agreement (such as the Employee Security Manual) or a non-disclosure agreement at the time of joining or participation, as part of their contract. This agreement must specifically require the employee to comply with all applicable cybersecurity policies, procedures, standards, and guidelines.

·       The roles and responsibilities of employees must be defined, taking into account the application of the principle of avoiding conflicts of interest.

·       Employees' roles and responsibilities related to cybersecurity must be included in the job description.

·       Roles and responsibilities related to cybersecurity must include:

-       Protecting all King Saud University assets from unauthorized access or damage.

-       Performing all necessary activities related to cybersecurity.

-       Complying with King Saud University’s cybersecurity policies and standards.

-       Adhering to the cybersecurity risk awareness program.

·       A security screening must be conducted for employees in cybersecurity roles, technical positions with sensitive and critical privileges, and roles related to sensitive systems.

·       Contract employees or external parties visiting sensitive areas must sign a confidentiality agreement or non-disclosure agreement as required.

·       When employees are provided by external parties, the contract must specify the external party's responsibilities regarding background checks and cybersecurity requirements.

 

During Employment:

·       A cybersecurity awareness program, including policies and standards, must be provided periodically.

·       The Human Resources Department must inform relevant departments of any changes in employees' roles or responsibilities to take the necessary actions regarding access privileges.

·       Cybersecurity requirements for human resources must be ensured.

·       Cybersecurity compliance should be included as part of employee performance evaluations.

·       The principle of need-to-know must be applied when assigning tasks.

·       Disciplinary actions related to cybersecurity must be taken according to the policies, procedures, guidelines, and memorandums of instructions for human resources security.

·       The disciplinary process must provide a graduated response, considering factors such as the nature and severity of the cybersecurity incident, its impact on operations, whether it was a recurring incident, and whether the violator was properly trained.

·        All relevant departments at King Saud University must take adequate precautions to separate employees' duties to minimize the risk of unauthorized access or misuse of information.

·       Department heads at King Saud University must be aware of their employees’ personal circumstances and be informed of any behavioral changes that may lead to a security breach or violation.

·       Department heads at King Saud University, in collaboration with Human Resources, must ensure the availability of adequate workforce and skills as backup for critical roles and operations.

 

Termination of Service:

·       Procedures for professional termination must be defined to cover cybersecurity requirements.

·       The Human Resources Department must inform the relevant units when the termination of the employment relationship is approaching to take the necessary actions.

·       All King Saud University assets must be returned, and access privileges must be revoked on the employee's last working day, before receiving final settlements.

·       Responsibilities and duties that will remain in effect after the employee's service ends at King Saud University must be defined, including the non-disclosure agreement. These responsibilities and duties must be included in all employee contracts.

 


Last updated on : October 14, 2025 9:30am