Other Policies and Strategies

Share The Page

Cloud First Policy

A government policy that is referred to as the Cloud First Policy”(CFP) of Saudi Arabia is a policy that covers governmental entities which are introduced to accelerate the adoption of cloud computing services by directing these entities to consider cloud options when making new IT investment decisions. The private sector is encouraged to follow the same exercise by having an internal CFP. This policy was defined in line with the key pillars of KSA’s ambitious Vision 2030. The policy hence caters to the National Information Center’s (NIC) Strategy – the entity that will serve as the primary Cloud Service Provider (CSP) for Government related data. The Kingdom of Saudi Arabia is one of the leading countries in the ICT sector in a wide region of the world, including the Middle East and North Africa (MENA) region. It is well positioned to make the most of this cloud computing opportunity by becoming one of the best-integrated infrastructure services and technically advanced in the cloud computing industry and the ICT industry in general. This document complements the cloud computing regulations issued or to be issued by other governmental entities.

In its inherent definition, a Cloud-First Policy is meant to define and typically stimulate public sector migration from traditional IT solutions to cloud-based models. Major reasons for adopting such a policy are to enhance Efficiency in different ways, such as to use of cloud computing for resource pooling and sharing across different applications and entities, leading to increased utilization of the assets. It is widely noticed that migration of infrastructure to the cloud typically results in ~30% savings in terms of the total cost of ownership. Additionally, cloud computing serves as a catalyst that can accelerate the implementation of Data Center Consolidation initiatives.

Cloud computing provides a more interoperable and portable environment for data and systems that would help achieve seamless communication between different entities. Another importance of using this policy is that it provides more robust cyber security: Beyond achieving a more efficient, innovative, and agile environment, cloud computing helps to improve overall cyber security. The government realizes that employees of cloud computing platforms in the government and commercial government be qualified Saudis and that the hosting is in the Kingdom without the ability to access it remotely from outside the Kingdom. The Cloud First Policy of Saudi Arabia is adopted due to the extensive benefits of cloud computing. This policy is intended to accelerate the pace at which Governmental entities are migrating from traditional IT solutions to cloud solutions, which will serve as a key pillar in supporting and driving the digital transformation in KSA. Entities covered by the scope of this policy are required to consider cloud computing options when making new IT investment decisions, with the goal of achieving the following:

Increase the quality of service by using more agile, innovative solutions in the Government services sector (e-services).

Reduce total cost of ownership by improving IT utilization, aggregating demand, and removing duplications in Governmental IT spending.

Improve cyber security robustness by using accredited platforms with best-in-class cyber security standards and leveraging Cloud service providers’ expertise in this domain.

Enable interoperability with other entities.

This policy is applicable to all governmental entities with the exception of the Saudi Arabian Monetary Authority and other entities primarily responsible for national security and defense, such as the Ministry of Defense (MoD), Presidency of State Security (PSS), Ministry of Interior (MoI) and National Cybersecurity Authority (NCA).

Digital Economy Policy

In its commitment to the implementation of the very ambitious Vision 2030, the Kingdom has invested a lot to realize such vision, over $1 trillion. Significant achievements were realized already toward achieving its ambition of diversifying its economy while introducing a range of social reforms. The Kingdom’s vision to augment the digital economy is a reality and an ever-increasing one. Coupled with the acceleration of key digital trends in the region, it is clear that Saudi Arabia is uniquely positioned to take bold steps in the pursuit of digital sovereignty to control its own flow of data. In fact, Saudi Arabia’s digital services market has long been the largest in the region, one that is expected to top $38 billion by 2025. As the digital economy is very crucial to the national digital transformation, the National Digital Transformation Unit of the Ministry of Communications and Information Technology has adopted a policy that is approved for the basis of a digital economy within the digital transformation plans. The aim of this policy is to develop the digital economy of the Kingdom of Saudi Arabia. The policy sets out guiding principles for government agencies to promote the digital economy through their respective specialties and mandates, with the goal of achieving sustainable economic growth and creating and maintaining competitive advantages for the Kingdom. Equally, this policy serves to inform the public and private sectors and the international community of the Kingdom’s approach to growing a robust, modern, and effective digital economy. The policy sets out guiding principles for government agencies to leverage the digital economy through their respective mandates to drive diversification and sustainability across the economy and create a more competitive advantage for the Kingdom.

Essential principles of this policy include:

Access (Digital Infrastructure, Data and Platforms): Digital Infrastructure makes high-quality internet access to all sectors and segments of society across the Kingdom at affordable rates and in a dependable manner, combined with the highest level of security and privacy. Data is a vital pillar of the digital economy that enables innovative solutions to economic and social challenges. Digital Platforms are emerging; they are significant and can be adopted by “smart government” for leveraging data, and emerging technologies to create user-centric platforms delivering services to individuals, the public sector and private enterprises, which increase efficiencies and ease of access to all.

Technology Adoption and Use: The Kingdom supports the adoption of digital technologies to increase business productivity and competitiveness.

Innovation: The Kingdom supports the adoption of appropriate policies and governance models that leverage Innovation, as well as scientific research across all fields of technology, to promote digital transformation and contribute to the growth of the digital economy.

Human Capital: The policy should be geared towards creating valuable and productive jobs through the digital economy while promoting training, expertise and capacity building for these jobs.

Social Prosperity and Inclusion: The Kingdom adopts policies to enhance and develop Saudi cities and enable them with digital technology to achieve social prosperity and raise the quality of life, including education and health for all in rural areas, for the disadvantaged for woken and for social inclusion at large.

IoT Regulatory Framework

Based on its role in enabling ICT technologies and enabling IoT implementations in the Kingdom, the Communications, Space & Technology Commission (CST) is mandated to work on achieving the goal of making the Kingdom a leading country in developing IoT services. In accordance with this mandate, an Internet of Things (IoT) Regulatory Framework is drafted to regulate all IoT services and use cases. A draft for such regulation was written, and it is under consideration. The framework regulates IoT services through mobile or fixed networks that are provided by licensed service providers from the CST. The framework also emphasizes the issue of compliance with the data security, privacy and protection requirements, in addition to the technical specifications as set by numbered (RI114), which is available through the CST website. The IoT equipment must comply with the Technical Specifications published by CST regarding radio, EMC and safety and require that the user and the service provider consider the interoperability between IoT networks and equipment. The framework suggests IoT identifiers, in addition to IP numbers, such as the Digital Object Architecture (DOA). IoT will be assigned numbers from the machine-to-machine (M2M) numbering range as per the National Numbering Plan. For IP addresses, it is highly recommended to use IPv6. As for data management, hosting all servers used in providing IoT services and storing all data should be inside KSA. Providers also should comply with all the existing or future published laws, regulations and requirements issued by CST or other authorities in the Kingdom concerning data management, including security, privacy and protection of IoT users’ data.

Universal Service Policy

The Government of the Kingdom of Saudi Arabia considers access to voice telephony and internet services for all segments of society to be an essential element of its development strategy. The information and communications technologies sector (ICT) is a driving force for the economy as a whole and a contributor to social, cultural, and national development. While significant progress has been made in the development and liberalization of the ICT sector, more efforts should be made to bring the benefits of ICTs to all populations of the Kingdom of Saudi Arabia. To achieve this, the Ministry of Communications and Information Technology approved the Universal Access and Universal Service Policy on 17/06/2006. The policy sets out the basis, principles and conditions relating to the provision of Universal Access and Universal Service in the Kingdom. The policy further directs the Communications and Information Technology Commission (CITC) to issue a decision to establish the Universal Service Fund (USF). Accordingly, Decision 165/1428 was issued on 04/06/2007. The Decision further specifies the legal and procedural nature of the USF and other necessary ancillary matters. The mechanism promotes a fair bidding process among invited parties for the corresponding USF Project. The USF focuses exclusively on financing new networks and/or services to provide Universal Access and Universal Services to geographic areas that are in commercially unprofitable underserved zones. The government has funded the financing of the USF projects since the beginning of its operation. The USF started to prepare its strategic and annual operating plans, including the programs and projects that will be implemented to provide voice and internet services. The formal operation of the USF was in 2010 when the first operating plan was approved. Subject to the availability of funds, the USF continued annually in the preparation of operating plans, tendering and awarding projects.

Government Open-Source Software (OSS) Strategy

Government Open-Source Software (OSS) is a key element in facilitating and organizing services and driving cooperation between various government sectors. Digital Government Authority (DGA) adopted the OSS Adoption Strategy in 2021 to facilitate OSS. Through the Strategy, experiences of developed countries in this field will be revealed and benchmarked, while lessons learned will be leveraged. Government spending on software has also been highlighted, along with OSS Strategy pillars and objectives and related initiatives in such regard. For more click here.

Crisis and Emergency Response and Recovery

Legal Framework

Digital Government Authority (DGA) has adopted the Controls of Risk and Business Continuity Management For Digital Government with the aim to enhance the Government entities ability to proactively identify risks and threats and to develop appropriate risk mitigation measures to minimize the consequences on the unavailability of digital services through compliance of Government entities, suppliers and operators of digital government services to implement and maintain the Risk and Business Continuity Management Program, which provides the necessary capabilities to identify and reduce the consequences pf potential and future risks. The Standards Enhances the flexibility of the government entity’s response to any interruption incidents it faces, and to enable it to restore its priority products and services in an effective and efficient manner that ensures continuity of service provision and enhances the capacity of the technical infrastructure in Saudi Arabia to respond and recover from disasters and increase its resilience.

DGA has also published Guidelines for Business Continuity in Government Entities aimed to be a reference for government entities to help them build the most important procedures and processes that will increase their flexibility to respond to crises and restore their services in a flexible, secure and smooth manner to contribute to the continuity of service provision and enhance the resilience of national security in Saudi Arabia.

National Portal Addressing Crisis or Emergency

For any kind of cybersecurity threats, crisis, emergency, or vulnerability, everyone can submit a report to the CERT and the National Cybersecurity Authority on the following link.

For any disruption of the digital services, DGA has established special service for Reporting the Interruption of Digital Government Services, which enables government agencies to report on the unavailability of their digital services, or digital services provided to them by another government agency, or notify the DGA of an update or maintenance of their digital services that may lead to their interruption. The service aims to unify efforts and enhance partnership between the DGA and government agencies to enhance the confidence of beneficiaries in digital government services, and to ensure their availability as planned.

In addition, DGA introduces guidelines of “Reporting Digital Government Services Disruption” service to be as a reference to report incidents and notify DGA if any services provided by government entities has been disrupted. Also, DGA is planning to launch IT Disaster recovery Guidelines, Controls and Recovery Time objectives levels for Digital Government by end of 2023 to give a deep dive for government entities in strategically dealing with recovery, crisis and emergency responses.

However, if the type of crisis or emergency is of a large scale, DGA has established internal procedures for launching crisis or emergency portal and/or mobile application aimed to provide timely and verified information to all citizens about the threats, measures to be undertaken and government decisions. In case of a large-scale crisis or emergency, DGA has capacities to launch such portal or application in less than 24 hours. For example, the dedicated Covid-19 portal was launched in less than 24 hours after the Government issued the order.

Comments & Suggestions

For any inquiries or comments, please fill in the required information.