1) Policy Statement
Personnel Security Policy of King Faisal University is designed to make all the information managed by the university properly secured, to protect against the consequences of breaches of confidentiality, or the failure to handle such information from personnel side.
2) Policy Purposes
The main purpose of this policy is to ensure that the assets of KFU’s information are protected from negative acts of individuals. Information systems face threats from many sources, including people’s actions – Staff, external users and contracted personnel. Intentionally and unintentionally, the actions of these individuals can damage or disrupt information systems and facilities or leads to unauthorized access to confidential data. These actions can also perform in the destruction or modification of data processed, and denial of service presented to end users.
3) Policy Scope
? This policy applies to all trainee employees, contractors, members, participants, users, and any other third parties who can access King Faisal University information regardless of his physical location.
? This policy applies to centrally-managed or personally-owned information technology that is connected wired or wirelessly to the King Faisal University network and also includes those devices that communicate remotely on the same network.
4) Hiring Policy
KFU’s Terms and conditions of employment which are written for external parties should include prior requirements of the employee (background check, certification, agreements) in order to comply with information security policies in the university.
I. Disciplinary Process
1- All the staff members are required to sign a formal undertaking to protect the confidentiality of KFU’s information during and after their employment period and follow its security policies in a typical way.
2- An officially authenticated version of the university policies should be delivered formally To Whom It May Concern (i.e. contractors, staff, and governors. etc.).
3- Agreements of (Non-disclosure) shall be applied in all cases where sensitivity or the value of the information that is disclosed is important.
4- An appropriate disciplinary action should be undertaken in cases of information security incidents which result from incompliance.
5- All staff members are to be educated and enlightened with the suitable awareness tools of information security concerning reporting suspicious threats.
6- KFU is committed to define and document roles and responsibilities for all the employees, contractors, and third parties performing personnel security work or duties in accordance with the other policies.
5) On the job Security Policy
KFU is committed to providing training courses to all users regarding the new systems and that is to ensure the efficiency and accuracy of performance and to avoid information security compromising.
I. Disciplinary process
1- The nominated personnel (employees) should receive a periodical training to be updated with the last techniques and threats in the field.
2- In case of changing job positions, the staff members’ need especially IT specialists should be reassessed from time to time in order to align with the offered training programs.
3- Mandatory auditoriums, workshops, and induction programs should be held for the staff members. Every one of those who are concerned should acknowledge the threats and techniques of information security in relation to his position roles.
4- All the staff should sign in an undertaking document of knowledge that indicates their awareness of policies implemented.
6) Firing Policy
In case of termination, all of the departing staff members are revoked from access to King Faisal University information assets.
I. Disciplinary Process
1- KFU maintains its right to reallocate staff members access to information assets and workspaces of the departing personnel.
2- The information assets made by the departing members such as emails or file stores should be archived by KFU as its part of the agreement right.
3- The departing member of the staff should return all of information security belongings and equipment to KFU on the last day of his contract.
4- Normally, the university has the right to remove access privileges of the departing staff just right away of termination, unless there is a new relationship being rebuilt between the university and the departing staff member.
Unauthorized people are not allowed to obtain or see confidential data under any circumstances. The intentional act of such practices or negligence may result in dismissal or imprisonment.
This Policy to be read by Policy Owner
University Staff Yes Approved by
University Students Approval Date
Administration members Yes Date Policy In Effect
Governors Yes Original Issue
Contractors ; Partners Yes Version