General Terms:

·       Information must be handled according to the specified classification, in accordance with the Data Classification Policy and the King Saud University Data and Information Protection Policy, ensuring the confidentiality, integrity, and availability of the information.

·       Violating the rights of any individual or company protected by copyright, patent, or other intellectual property rights, or similar laws or regulations is prohibited, including, but not limited to, installing unauthorized or illegal software.

·       Downloading, redistributing, and printing articles, documents, or other copyrighted materials onto King Saud University information systems is strictly prohibited.

·       Receiving, printing, transmitting, or disseminating proprietary data, King Saud University secrets, or other confidential information in violation of policy or proprietary agreements is prohibited.

·       Printouts should not be left unattended on shared printers.

·       External storage media must be securely and appropriately stored, such as ensuring a specific temperature setting and keeping it in an isolated and secure place.

·       Using other users' passwords, including those of a user’s manager or subordinates, is prohibited.

·       Adhere to the safe and clean desk policy, ensuring that desktop surfaces and display screens are free from classified information.

·       Disclosing any information related to the university, including systems and network-related information, to any unauthorized person, whether internal or external, is prohibited.

·       Publishing university-related information on media or social networks is prohibited without prior authorization.

·       The use of university systems and assets for personal gain or business purposes, or for any purpose unrelated to King Saud University activities, is prohibited.

·       Personal devices must not be connected to the university’s networks and systems without prior authorization, in compliance with the Mobile Device Security (BYOD) Policy.

·       Engaging in activities aimed at bypassing the approved protection systems at King Saud University, including antivirus programs, firewalls, and malware detection or prevention systems, is prohibited unless authorized and in accordance with the university's approved procedures.

·       Hosting unauthorized individuals in sensitive areas is prohibited unless prior authorization is obtained.

·       Identification cards must be worn in all King Saud University facilities.

·       The General Directorate of Cybersecurity must be notified in case of loss, theft, or leakage of information.

·       The General Directorate of Cybersecurity reserves the right to monitor systems, networks, and work-related personal accounts and conduct an annual review to monitor compliance with cybersecurity policies and standards.

·       Every user is responsible for preventing unauthorized access, including displaying information resources in their possession or under their responsibility, such as computer devices, laptops, desktops, and printouts.

Computer Protection:

·       External storage media must not be used without prior authorization from the General Directorate of Cybersecurity.

·       Activities that may affect the efficiency, integrity, or safety of systems and assets are prohibited without prior permission from the General Directorate of Cybersecurity, including activities that allow users to gain higher privileges.

·       Devices should be secured before leaving the office by locking the screen or logging out (Sign out or Lock), whether for short periods or after working hours.

·       Classified information must not be left in easily accessible places where unauthorized persons may view it.

·       Installing external tools on university computers is prohibited without prior permission from the Deanship of E-Transactions and Communications and the Information Technology Department at the University Medical City.

·       The General Directorate of Cybersecurity must be notified if any activity is suspected of causing harm to university computers or assets.

Acceptable Use of the Internet and Software:

·       The General Directorate of Cybersecurity must be notified if there are suspicious websites that should be blocked or vice versa.

·       Intellectual property rights must be ensured during the downloading of information or documents for work purposes.

·       Unauthorized software or intellectual property must not be used.

·       A secure, authorized browser must be used to access the internal network or the internet.

·       Technologies allowing bypassing proxies or firewalls to access the internet are prohibited.

·       Software and tools must not be downloaded or installed on King Saud University assets without prior authorization from the Deanship of E-Transactions and Communications and the Information Technology Department at the University Medical City.

·       Games are prohibited and must be removed from all systems unless prior authorization is obtained from the General Directorate of Cybersecurity.

·       The internet must not be used for non-work-related purposes, including downloading media and files, or using file-sharing software.

·       The General Directorate of Cybersecurity must be notified if there are suspected cybersecurity risks, and care must be taken with security messages that may appear during internet browsing or on internal networks.

·       Performing security scans to detect vulnerabilities, including penetration testing, or monitoring the university’s networks and systems, or networks and systems of third parties, is prohibited without prior authorization from the General Directorate of Cybersecurity.

·       File-sharing sites must not be used without prior authorization from the General Directorate of Cybersecurity.

·       Visiting all suspicious websites, including hacking education sites, is prohibited.

·       Network traffic analyzers/spyware tools must not be used unless prior authorization is obtained from the General Directorate of Cybersecurity.

Acceptable Use of Email and Communication Systems:

·       Email, phone, or fax must not be used for purposes other than work-related activities, in compliance with cybersecurity policies and standards.

·       Messages containing inappropriate or unacceptable content, including messages exchanged with internal or external parties, are prohibited.

·       Internal mailing lists must not be shared with non-employees.

·       Encryption technologies must be used when sending sensitive information via email or communication systems.

·       The university email address should not be registered on any site unrelated to work.

·       The General Directorate of Cybersecurity must be notified if any suspicious emails are suspected of containing content that could harm the university’s systems or assets.

·       King Saud University reserves the right to disclose email contents after obtaining necessary authorization from the relevant authority and the General Directorate of Cybersecurity, in accordance with applicable procedures and regulations.

·       Opening suspicious or unexpected emails and attachments, even if they appear to be from trusted sources, is prohibited.

·       All external communications related to King Saud University must be exclusively conducted via the official university email system. Using personal accounts or addresses (such as Hotmail, Gmail, Yahoo, etc.) for official university communications is strictly prohibited.

·       All university staff are prohibited from using their university email for social media engagement (Facebook, X platform, TikTok, etc.), banking, or non-educational websites and blogs. The only exception is email accounts used specifically for King Saud University business and with prior permission.

·       Department-specific emails must be used by their primary owner (department head or authorized employee), and if shared with others, an agreement must be signed to specify authorized users, with full responsibility for its use resting with the owner, without any liability on King Saud University. The password must be changed immediately when any user leaves the organization.

Videoconferencing and Internet-Based Communications:

·       Unauthorized tools or software for conducting communications or holding videoconferences are prohibited.

·       Videoconferences or communications unrelated to work are prohibited unless prior approval is obtained.

Use of Passwords:

·       Strong, secure passwords must be selected and maintained for all King Saud University systems and assets. Passwords must also be different from those used in personal accounts, such as personal email or social media accounts.

·       Sharing passwords by any means, including electronic correspondence, voice communication, or written form, is prohibited. Users must not disclose passwords to any third party, including colleagues, employees of the Deanship of E-Transactions and Communications, and Information Technology Department at the University Medical City.

·       Upon receiving a new password from the system administrator, the password must be changed immediately.

File Storage and Sharing Systems:

·       Networked storage and sharing devices (NAS Storage) within the internal university network are prohibited.

·       The file-sharing service is allowed for storing and sharing files within the university’s data center for work purposes only.

·       Files classified as restricted, confidential, or highly confidential can be stored in the local file-sharing service (File).

·       The use of file storage and sharing services for personal purposes is prohibited.