Fourth: Awareness Procedures
| No: 42063179 | Date(g): 17/4/2021 | Date(h): 6/9/1442 | Status: In-Force |
Translated Document
Banks are required to adhere to the following:
| 1. | Establish a policy for the secure use of banking laws, including procedures for handling usernames and passwords, and review it periodically. |
| 2. | Ensure employees are aware of the importance of checking that they are not being observed when entering their username or password. |
| 3. | Provide training and qualification for employees on essential information related to information security. |
| 4. | Conduct periodic awareness campaigns for employees regarding the instructions issued by SAMA and the banks' own policies, especially concerning the confidentiality of customer account information and the penalties for non-compliance. This should include ongoing educational materials and be conducted at least every three months. |
| 5. | Conduct regular awareness campaigns for employees on information security and financial fraud prevention, with ongoing educational materials provided at least every three months |
| 6. | Perform tests and surveys of employees at least every six months to assess the effectiveness of the awareness procedures outlined in points (4) and (5). |
| 7. | Obtain a declaration from employees, both upon starting work and annually (either in paper or electronic form), acknowledging that they have reviewed and are committed to all policies related to the secure use of banking laws and the handling of usernames and passwords.
|