Access Privilege Removal Policy

Access Privilege Removal Policy
Information Security Management System
Policy No.: DI/ISMS/13
Version: 02
Date: 2017-09-20

An unauthorized login to the Digital Transformation Agency can cause severe damage to systems and communications. Agency staff may exploit persistent login methods to access systems or restricted office areas without detection. Potential damages include theft of funds, equipment, or intellectual property; disclosure of confidential information; physical or personal harm; or unauthorized use of inactive accounts by external attackers.

Whenever an individual leaves the university, their access privileges must be revoked immediately. The direct supervisor is responsible for initiating the removal of that employee’s access rights—whether from the IT department or any other unit. Supervisors must ensure that all access privileges for their team members have been deactivated.

Similarly, when an employee’s role changes, supervisors must withdraw any unnecessary access rights—keeping only those required for the new role. IT must be notified of any lingering remote access permissions to dedicated applications or private servers for former employees or upon termination, to prevent former staff from accessing the university network. The IT team actively monitors and works to prevent unauthorized access attempts.

Official government website of the Government of the Kingdom of Saudi Arabia

Links to official Saudi websites end with edu.sa edu.sa

Government websites use the HTTPS protocol for encryption and security.

Official government website of the Government of the Kingdom of Saudi Arabia

Links to official Saudi websites end with edu.sa edu.sa

Government websites use the HTTPS protocol for encryption and security.

Breadcrumb

Access Privilege Removal Policy

Access Privilege Removal Policy - Policies and Procedures