عربي

ISO 27001 Information security Management Principles

AWARD-WINNING
ARCHITECTURE

Good Design AwardGood Design Award
World Architecture FestivalWorld Architecture Festival
International Architecture AwardsInternational Architecture Awards
Good Design AwardLeed Platinum Certification
World Architecture FestivalSmartScore Platinum

King Abdullah Financial District Development and Management Company (KAFD DMC) is committed to establishing, implementing, and maintaining a robust Cybersecurity Management System (CSMS) to protect its digital assets, infrastructure, and stakeholders.

We aim to promote and continuously enhance cybersecurity practices that safeguard KAFD against cyber threats, ensuring the confidentiality, integrity, and availability of information assets.

We strive to comply with applicable cybersecurity laws and regulations in the Kingdom of Saudi Arabia, while aligning with leading international standards and best practices.

 

We aim to achieve our objectives through the deployment of the following principles and practices:

1- Confidentiality: → Meaning: Only the right people can access the information held by the organization. Risk example: Criminals get hold of your clients’ login details and sell them on the Darknet.

 

2- Information integrity: Meaning: Data that the organization uses to pursue its business or keeps safe for others is reliably stored and not erased or damaged. Risk example: A staff member accidentally deletes a row in a file during processing.

 

3- Availability of data: → Meaning: The organization and its clients can access the information whenever it is necessary so that business purposes and customer expectations are satisfied. Risk example: Your enterprise database goes offline because of server problems and insufficient backup.   

 

An information security management system that meets the requirements of ISO/IEC 27001 preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.

We commit to a proactive cybersecurity culture where every team member is empowered to identify, report, or halt activities that pose cybersecurity risks, without fear of reprisal. Upholding cybersecurity policies, standards, and regulatory requirements is non-negotiable and fundamental to protecting our organization.