Risk Management, Compliance, and Business Continuity Department

Business Continuity System Policy

Business Continuity System Policy

Introduction

The Saudi Electronic University acknowledges that protecting its assets, operational processes, and services is a major responsibility in safeguarding the interests of its stakeholders. As part of the national initiative to automate and provide access to its services for its students, faculty members, and affiliated staff, the university aims to develop a feasible plan for the continuity of its electronic services (e-services) and their restoration in the event of disasters.

The Saudi Electronic University is committed to continuing its efforts to monitor and restore operations in alternative facilities in the event of sudden business disruptions. Additionally, the university and its senior management are committed to maintaining and developing a viable business continuity and recovery plan that aligns with compatible insurance and ethical practices, consistent with the provisions and guidelines of the university's strategic and tactical plans. This plan will also support the university's philosophy of maintaining the highest levels of service quality for its students, faculty members, and staff.

Purpose, Scope, and Users

The purpose of this policy is to define the objective, scope, and basic rules for managing business continuity.

This policy applies to the entire business continuity management system.

The users of this document are all employees of the Saudi Electronic University, as well as all suppliers and external contract employees who have a role in the business continuity management system.

General Policy

The Saudi Electronic University plays a fundamental role in providing stakeholders, university employees, as well as internal colleges and departments, with the best IT services in its class and specialized solutions, as well as managing available resources efficiently.

In this capacity, it fully recognizes and commits to providing continuous service to its customers and working to protect the collective interests of stakeholders, ensuring their adaptability and growth. It also commits to fulfilling all legal, regulatory, and statutory obligations and regulatory requirements, as well as guidelines issued by relevant official government bodies.

The business continuity management system applies to all units, functions, operations, or business components that are considered critical, and they must have a recovery plan for their operations within an agreed-upon strategy.

Therefore, as an integral part of operational activities, the university adopts the following methodologies effectively and proactively to mitigate the impacts of any major incidents:

 

Establishing and maintaining a risk analysis and impact assessment program and a business continuity alignment program.

Developing business recovery plans and strategies to mitigate the severity of major risks.

Making business continuity planning and disaster recovery an integral part of all current and new business requirements.

Providing requirements for policies that require external service providers to have appropriate and tested recovery or emergency strategies.

Developing critical business applications to utilize system architectures that provide continuous operation in the event of primary system failure.

Preparing inspection and review plans as well as conducting exercises that provide individuals with confidence in their roles and operations to achieve their goals.

Continuously improving the suitability, efficiency, and effectiveness of the business continuity management system.

This policy is based on the "Business Continuity Management Standard and Guidelines" issued by the International Organization for Standardization (ISO) 22301 - Societal Security - Business Continuity Management System - Requirements.

This policy is published among all employees of the Saudi Electronic University. All members of the university community are required to respond to and comply with this policy within their applicable scope. Each management/sector/department is responsible for its readiness to manage business continuity at all times.

This policy is reviewed periodically to ensure its ongoing suitability on an annual basis and also when changes occur. Essential.

References

ISO 22301 standards, including sections 4.1, 4.3, 5.3, 6.2, and 9.1.1.

Project plan for implementing the business continuity management system.

List of legal, regulatory, contractual, and other requirements.

Risk management plan.

Business continuity preparedness plan.

Corrective and preventive action procedures.

List of all contracts binding the organization to implement business continuity management.