1- General Requirements:

·       Information must be handled according to the specified classification, in accordance with the Data Classification Policy and the Data and Information Protection Policy of King Saud University, ensuring the confidentiality, integrity, and availability of the information.

·        Violation of the rights of any person or company protected by copyright, patent, or other intellectual property, or similar laws or regulations is prohibited, including, but not limited to, the installation of unauthorized or illegal software.

·        Downloading, redistributing, and printing articles, documents, or other copyrighted materials from King Saud University information systems is strictly prohibited.

·        Receiving, printing, transmitting, or disseminating proprietary data, King Saud University secrets, or other confidential information in violation of this policy or ownership agreements is strictly prohibited.

·        Printouts on shared printers must not be left unattended.

·        External storage media must be stored securely and appropriately, such as ensuring that the temperature is set at a certain level and that it is stored in a secure, isolated location.

·       It is prohibited to use other users' passwords, including the password of the user's manager or subordinates.

·       It is necessary to adhere to the safe and clean office policy, ensuring that the desktop and display screen are free of classified information.

·       It is prohibited to disclose any university-related information, including information related to systems and networks, to any unauthorized party, whether internal or external.

·       It is prohibited to publish university-related information via the media or social networks without prior authorization.

·       It is prohibited to use university systems and assets for personal gain or business purposes, or for any purpose unrelated to the activities and work of King Saud University.

·       It is prohibited to connect personal devices to King Saud University networks and systems without prior authorization, in accordance with the Mobile Device Out-of-Home (BYOD) security policy.

·       It is prohibited to engage in any activities that aim to bypass King Saud University's security systems, including antivirus software, firewalls, and malware, without prior authorization and in accordance with the university's approved procedures.

·       The Cybersecurity Department reserves the right to monitor and annually review work-related systems, networks, and personal accounts to monitor compliance with cybersecurity policies and standards.

·        It is prohibited to host unauthorized persons in sensitive areas without prior authorization.

·        Identification cards must be worn in all King Saud University facilities.

·       The Cybersecurity Department must be notified in the event of loss, theft, or leakage of information.

·        The General Administration of Cybersecurity reserves the right to monitor and annually review work-related systems, networks, and personal accounts to monitor compliance with cybersecurity policies and standards.

·       Each user is responsible for preventing unauthorized access, including but not limited to viewing information resources in their possession or control (computer, laptop, desktop, printouts).

2- Computer Security:

·       The use of external storage media is prohibited without prior authorization from the Cybersecurity Department.

·       Any activity that could affect the efficiency and integrity of systems and assets is prohibited without prior authorization from the Cybersecurity Department, including activities that enable the user to obtain higher privileges and privileges.

·       The device must be secured before leaving the office by locking the screen or logging out (sign out or lock), whether for a short period or at the end of work hours.

·       Classified information must not be left in easily accessible locations or viewed by unauthorized persons.

·       Installing external tools on the computer is prohibited without prior authorization from the Deanship of Electronic Transactions and Communications and the Information Technology Department at the University Medical City.

·       The Cybersecurity Department must be notified if any activity that may cause harm to the university’s computers or assets is suspected.

3- Acceptable Use of the Internet and Software:

·       The Cybersecurity Department must be notified of any suspicious websites that should be blocked or blocked.

·       Intellectual property rights must not be violated when downloading information or documents for work purposes.

·       The use of unlicensed software or other intellectual property is prohibited.

·        A secure and authorized browser must be used to access the internal network or the Internet.

·       The use of technologies that allow bypassing proxies or firewalls to access the Internet is prohibited.

·        Downloading or installing software and tools on King Saud University assets is prohibited without prior permission from the Deanship of Electronic Transactions and Communications and the Information Technology Department at the University Medical City.

·        Games are not permitted and must be removed from all systems unless prior permission is obtained from the Cybersecurity Department.

·       Using the Internet for non-work purposes, including downloading media and files, and using file-sharing software, is prohibited.Suspected cyber threats must be reported to the Cybersecurity Department. Security messages that may appear while browsing the internet or internal networks must be treated with caution.

·       It is prohibited to conduct a security scan for the purpose of detecting security vulnerabilities, including penetration testing, or monitoring the university's networks and systems, or the networks and systems of third parties, without prior authorization from the Cybersecurity Department.

·       It is prohibited to use file-sharing sites without prior authorization from the Cybersecurity Department.

·        It is prohibited to visit all suspicious websites, including hacking education sites.

·        It is strictly prohibited to use network traffic analyzers/spyware tools unless prior authorization has been obtained from the Cybersecurity Department.

4- Acceptable Use of Email and Communications:

·       The use of email, telephone, or electronic fax for non-work purposes is prohibited, in accordance with cybersecurity policies and standards.

·       The exchange of messages containing inappropriate or unacceptable content is prohibited, including messages exchanged with internal and external parties.

·        The dissemination of internal mailing lists to non-employees is prohibited.

·        Encryption technologies must be used when sending sensitive information via email or communication systems.

·        The university's email address must not be registered on any non-work-related website.

·       The Cybersecurity Department must be notified if any emails containing content that may cause harm to the university's systems or assets are suspected.

·        King Saud University reserves the right to disclose the contents of emails after obtaining the necessary authorizations from the authorized person and the Cybersecurity Department, in accordance with relevant procedures and regulations.

·        It is prohibited to open suspicious or unexpected emails and attachments, even if they appear to be from trusted sources. - Any correspondence outside the university must be conducted solely through the official email system. It is strictly forbidden to use personal accounts/addresses such as Hotmail, Gmail, Yahoo, etc. for university correspondence.

·       All university employees are prohibited from using their university email for any subscription to social media sites (Facebook, X, TikTok, etc.), banking, or other non-academic websites and blogs. However, an exception is made for email accounts used specifically for King Saud University business and with prior authorization.

·       Department-assigned emails are used by their primary owner (the department head or an authorized employee). If shared with others, an agreement must be signed specifying the authorized users. The owner bears full responsibility for their use, without liability to King Saud University. Upon the departure of a user, the password must be changed immediately.

5- Video Conferencing and Internet-Based Communications:

·       The use of unauthorized tools or software to make calls or hold video meetings is prohibited.

·       It is prohibited to make calls or hold video meetings that are not related to work without prior authorization.

6- Use of Passwords:

·       Secure passwords must be chosen, and passwords for King Saud University systems and assets must be kept secure. Passwords must also be chosen differently from those for personal accounts, such as personal email accounts and social media sites.

·       Sharing passwords through any means is prohibited, including electronic correspondence, voice communications, and written communication. All users must not disclose their passwords to any third party, including colleagues, employees of the Deanship of Electronic Transactions and Communications, and employees of the Information Technology Department at the University Medical City.

·       Upon receiving a new password from the system administrator, the password must be changed immediately.

7- Use of File Storage and Sharing Systems:

·       It is prohibited to use network storage and sharing devices (NAS) on the university's internal network.

·       It is permitted to use the sharing service to store and share files within the university's data center for work purposes only.

·       Files classified as restricted, confidential, or highly confidential may be stored on a local file sharing service.

·       Use of the file storage and sharing service for personal purposes is prohibited.