Introduction

Policy is considered an official declaration of a principle or a rule which should be followed by the members of any organization, where each policy sets the importance of each duty or a process that will be implemented within the organization, or in terms of its relationship with its surrounding environment. On the other side, procedure dictates to the members of the organization how to implement the agreed-upon policy, which should be arranged in the form of organized, clear, and specific steps. On this basis, the Deanship of Information Technology at Umm Al-Qura University tends to set its policies and procedures by which it ensures the implementation of the duties entrusted to it efficiently and effectively to achieve the strategic objectives of the deanship and the university.

It is worth mentioning that the scope of the work of the deanship is associated with the technological aspects and the e-transactions, taking into consideration that the deanship followed a clear methodology during the preparation of its policies and procedures to ensure the fulfillment of the requirements, practices, and the local, regional, and international standards relevant to the field of information technology, which is mentioned as follows:

1. Compliance with the requirements and objectives of Saudi Vision 2030.
2. Compliance with the directions of the National Transformation Program 2020.
3. Compliance with the policy of protection of the intellectual property (IP) of content according to the regulations of intellectual property in the Kingdom of Saudi Arabia.
4. Integration with the King Salman Program for Human Resources Development.
5. Compliance with the communications, e-transactions systems, and strategy of digital transformation of the governmental services of the Ministry of Communications and Information Technology.
6. Integration with the Communications and Information Technology Commission (CITC) Information Security Policies and Procedures Guide.
7. Conformity with the governmental e-transactions transformation program, "Yesser," and the practices and controls of the e-government in accordance with the National Overall Reference Architecture (NORA).
8. Take into account the content and the variables of the national digital systems in the field of dealing with information.
9. Compliance with the directives and recommendations of the National Cybersecurity Authority.
10. Compliance with the laws and regulations of Saudi Arabia's Ministry of Education and UQU.