Regarding Cabinet Resolution No. (418) dated 25/7/1442 AH, which approved the regulation of the Digital Government Authority (DGA), it stipulates that DGA is the competent authority for all matters related to digital government and serves as the national reference in this domain. Pursuant to its mandate, DGA shall “develop the technical standards for digital transformation models in government sectors and monitor compliance with them in coordination with the relevant authorities.”

In line with the aforementioned, DGA strives to enhance digital performance across government agency, improve the quality of services delivered, and elevate the end-user experience, all in alignment with the ambitious goals of Vision 2030.

DGA paves the way for government agency to deliver high-quality, efficient digital government services that drive investment returns, strengthen the value of the national economy, and enable the measurement of government agency’ performance and capabilities in the digital government domain.

From this perspective, DGA issued the fourth version of the “Controls of Risk Management and Business Continuity for Digital Government” in accordance with the regulations issued by the competent authorities. DGA remains responsible for regularly updating and reviewing this document to reflect evolving requirements.

These controls form part of the regulatory framework for digital government, which contributes to raising the maturity level of digital government services and strengthening agency’ ability and flexibility to identify risks and threats proactively. This is achieved through the establishment of a continuously improving risk management system and the development of business continuity plans. Such plans address response and recovery from service disruptions, aiming to minimize negative impacts and ensure the sustainability of digital government services. This objective is further reinforced by establishing and activating a business continuity management system, verifying its effectiveness, and pursuing continuous improvement.

In this version, DGA updated the controls related to the activation phase of the Business Continuity Management System, particularly those addressing the development of disaster recovery plans for information and communication technology. These updates enhance the readiness of government agency by providing and testing technical alternatives and solutions. Furthermore, the classification matrix for platforms, applications, and services was updated to serve as a comprehensive framework. Collectively, these efforts aim to ensure the reliability and continuity of digital government services across government agency.

These controls aim to enable government agency to ensure the sustainability of digital government services and core operations, while mitigating potential risks, through the following:

• Identify appropriate treatment strategies and plans for addressing incidents and crises.
• Proactively identify risks to ensure business continuity, digital services, and the agency's core operations.
• Support decision-making and optimize the allocation of resources, capabilities, and supply chain continuity.
• Raise awareness about risk management and business continuity to prepare for, respond to, and recover from incidents.
• Enhance the integration among government agency and strengthen national resilience and flexibility.
   

DGA developed these controls to establish the requirements for risk management and business continuity in digital government, as outlined below:

• Risk Management Controls: To enhance the readiness of digital government agency and strengthen their ability to respond to risks, illustrates the implementation process of these controls. This includes establishing and governing a risk management system, assessing and addressing risks through the activation of risk management processes, as well as training and continuous improvement in risk management.

• Business Continuity Controls: To contribute and assist in planning to build an integrated business continuity system, through which its system is activated, and then the system is verified and corrected, which achieves high effectiveness in managing and improving business continuity in the government agency. illustrates the mechanism for applying these controls.

The requirements and standards set forth herein shall apply to all government agency providing digital services and products, as well as to operators, regardless of their type, size, or nature. Their applicability shall be determined based on the agency’s operating environment, level of complexity, and number of geographical locations.

Refined: Pursuant to paragraph 9 of Article 4 of the Digital Government Authority Regulation—which stipulates that the Authority shall "develop the technical standards for digital transformation models in government sectors and follow up on compliance with them, in coordination with the relevant authorities", DGA shall assess and measure the extent to which government agency comply with these controls following the mechanism determined by the DGA.

For more information; Check the digital version.