Secure Usage of Applications policy

• Introduction

This policy aims to adhere to the regulations and standards for the secure usage of applications that are issued by the National Cybersecurity Authority (NCA) and the relevant legislative and regulatory requirements in Riyadh Municipality to reduce cyber risks and protect them from internal and external threats and harmful activities by focusing on the main objectives of protection. These requirements have been aligned with the National Cybersecurity Authority's requirements, including but not limited to; Essential Cybersecurity Controls (ECC - 1:2018) and other relevant legislative and regulatory requirements

• Policy Terms
  • General Terms:
    • The use of related Riyadh Municipality websites and applications shall be deemed to consent to this policy which is considered as part of the terms of using Riyadh Municipality websites and applications. If you do not accept in full, your access to these websites shall be deemed unauthorized and you must stop using them immediately.

• Terms and conditions for the secure usage of Riyadh Municipality websites and applications.
  • Responsibility of users of Riyadh Municipality websites and applications:

• Users of Riyadh Municipality websites and applications shall have the right to access data through their dedicated website. They shall also have the right to use such data at their own personal responsibility and in a manner not inconsistent with the relevant regulations and legislation.
• The user must undertake that all data and information obtained such as username and password of Riyadh Municipality accounts and applications are confidential and must be kept confidential. Giving it to a person who is not authorized to enter is a violation, and the User shall bear all responsibility for the consequences thereof.
• The user shall not save passwords and usernames when using public devices.
• The user is responsible for the use of Riyadh Municipality's websites and applications data as they are accountable for the re-use of data in the portal. The reuse of such data must not result in any errors or inaccuracy relating to the data's content, source, and date.
• Do not use Riyadh Municipality's applications or websites to upload any material containing viruses, or any computer codes, files or software that may alter, damage or hinder work.
• Do not use the Riyadh Municipality's e-mail account to log into any of the websites or social networks unless for business purposes.
• The user must activate the identity verification option (MFA- Multi-Factor Authentications) or the fingerprint if any, when using the Riyadh Municipality's applications.
• The use of external storage media is prohibited without prior authorization from the General Administration of Cybersecurity.
• Any activity that affects the efficiency and integrity of applications and websites is prohibited without prior authorization from the General Administration of Cybersecurity.
• It is prohibited to install external tools on devices without prior authorization from the Digital Transformation and Smart Cities Agency.
• Any activity that may cause harm to the Riyadh Municipality's applications and websites must be notified to the General Administration of Cybersecurity when suspected.
• Inappropriate or unacceptable content messages, including those with internal and external parties, are prohibited from circulating.
• Encryption techniques must be used when sending sensitive information by email or communication systems.
• the General Administration of Cybersecurity must be notified when there are suspected e-mails containing content that may cause damage to the Riyadh Municipality's systems.
• It is forbidden to open suspicious or unexpected emails and attachments even if they appear from reliable sources.
• Work sessions on the applications or website must be closed upon completion.
• Passwords must not be automatically saved in applications for Riyadh Municipality's accounts and must not rely on automatic access.
• The sub-policy (password management policy) of the Riyadh Municipality must be adhered to and followed by users of Riyadh Municipality websites and applications.

• Terms to re-use Riyadh Municipality websites and applications data:

• The user must not misrepresent the open data or its source.
• A reference must be used to the source of information that has been re-used by placing a link to the Municipality's website or other sources to preserve the intellectual ownership, credibility, and authenticity of the source of the data.
• Data may not be used in such a way as to suggest that the user is an official entity, or that such data has been privately authorized to be published.
• Such data shall not be used for political purposes or to support unlawful activity in contravention of any law, regulation, government decision, support of criminal activity, racist or discriminatory comments, or adversely affecting culture, equality, incitement or irregular activity or contrary to Saudi Arabia's customs and traditions.
• Access to or investigation of any service or system must not be used without authorization, including, but not limited to, violations, security vulnerability scanning, or penetration testing.
• The user must ensure their commitment to not infringe the terms of this policy, and that the Riyadh Municipality's websites and applications have the full right to terminate or restrict the user's access to the site or its use without notice and for any reason, including violation of the terms and conditions of use or any other behavior that Riyadh Municipality considers, at its discretion, to be illegal or harmful. In the event of termination, the user will not be authorized to access these sites and applications, and the user acknowledges that Riyadh Municipality's websites and applications do not bear any responsibility for the consequences of such prohibition