General Policy for Information Security
The Saudi Commission for Health Specialties, guided by its vision, mission, foundational pillars, and strategic objectives, seeks to treat its information security system for cybersecurity as a fundamental component of its daily operations, thereby ensuring the provision of secure and confidential business services. All information that is shared, generated, or utilized within the systems of the Saudi Commission for Health Specialties is afforded the utmost level of protection in accordance with its significance. This includes:
Safeguarding the confidentiality and integrity of information assets.
Guaranteeing the implementation of high-level cybersecurity controls and requirements that are consistently replicable in a timely manner and at a reasonable cost for the benefit of all stakeholders within the Authority.
Ensuring business continuity and mitigating the effects of workflow disruptions by preventing and minimizing the impact of security incidents.
Ensuring adherence to local and legislative regulations set forth by the Ministry of Health and the National Cybersecurity Authority (NCA).
Supporting the National Cybersecurity Strategy, which aims to establish a secure and reliable Saudi cyberspace that fosters growth and prosperity.
Complying with information security controls in alignment with ISO/IEC 27001.
Conducting regular security audits and updates to maintain the integrity of data and systems through periodic assessments, identifying potential vulnerabilities, and taking necessary actions to address them.
Promoting continuous improvement of the cybersecurity system through regular reviews and both internal and external audits.
