What are these security levels? What impact do they have on my data or cloud service?
Saudi Communications & Information Technology Commission (CITC) has recently published a Cloud Computing Regulatory Framework (CCRF) based on international best practices and analysis. The CCRF provides the rights and obligation for cloud service providers and cloud customers in KSA. The CCRF requires Customer Content to be classified into different levels of information security.
Customer Content Classification | Brief Description |
---|---|
Level 1 | Non-sensitive Customer Content of individuals or private sector companies |
Level 2 | Non-sensitive Customer Content of individuals or private sector companies |
Level 3 | Sensitive Customer Content of individuals or private sector companies |
Level 4 | Highly-Sensitive Customer Content from governmental agencies |
Information classified 3 and above, is subject to transfer restrictions outside the Kingdom. STC Cloud has no difference of service, privacy or security for any level of classification. As mandated by CITC, Cloud providers have to enable the classification, and let the customer choose their level. STC Cloud has enabled the selection of security classification during new customer registration. For existing customers, banners are displayed to direct the customer to choose the appropriate level of content classification.
For more information visit Saudi CITC’s website for this Document