General Information Security Policy
Within the framework of its vision, mission, pillars, and strategic objectives, the Saudi Commission for Health Specialties aims to treat its information security system—linked to the Commission’s cybersecurity—as a fundamental pillar of daily operations and the provision of secure and confidential business services.
Accordingly, all information that is shared, created, or used in the Commission’s systems is granted the highest level of protection commensurate with its value, including:
- Protecting the confidentiality and integrity of information assets.
- Ensuring the implementation of cybersecurity controls and requirements at a high level, in a consistently repeatable manner, in a timely way, and at an appropriate cost, for the benefit of all Commission stakeholders.
- Ensuring and maintaining business continuity, and reducing the impact of disruption to business functions by preventing security incidents and minimizing their impact.
- Ensuring compliance with local regulations and legislative requirements of the Ministry of Health and the National Cybersecurity Authority (NCA).
- Supporting the National Cybersecurity Strategy that seeks a secure and trusted Saudi cyberspace that enables growth and prosperity.
- Committing to information security controls in alignment with the international standard ISO/IEC 27001.
- Conducting regular security audits and updates to ensure the integrity of data and systems, using periodic assessments to identify weaknesses and potential security vulnerabilities and to take the necessary actions to address them.
- Ensuring continuous improvement of the cybersecurity system through periodic reviews and internal and external audits.