Data Protection Program

Additional Info

CompanyTechnology Oversight & Coordination - Saudi Aramco
Websitehttps://www.aramco.com
Company size (employees)500 to 999
Headquarters RegionMiddle East

Overview

The building blocks for having an effective and efficient Data Protection Program are as follows:
1. Management commitment and responsibility.
2. Essential data protection functions:
 Information Asset Management
 Risk Assessment
 Risk Treatment
 Data Protection Awareness
 Reporting Information Security Observations
 Access Control & Access Reviews
 Data Backup and Retention
 Business Continuity Planning
 Software Management
 Data Protection Reviews
 Compliance Management
 Corrective and Preventive Action
 Physical Security
 External 3rd Party Security
3. Resources such as qualified and competent ISA and Assistant ISA (as required by GI.710.015), subject matter experts (SMEs), and inspection teams are required to successfully establish, execute and manage the Data Protection Program
4. Data Protection Program KPIs (Key Performance Indicators) to gauge the maturity, progress and state of the Data Protection Program.
5. Data protection performance reporting to provide insight into the results and status of the Data Protection Program for decision making.

How we are different

The Data Protection Program provides the following benefits to the business organizations within Saudi Aramco:
 Brings the focus on information protection within the organization.
 Changes the organization’s approach to information protection from reactive to proactive.
 It is a simple-to-use program that is aligned with Saudi Aramco and international best practices.
 Provides enhanced coverage of information assets, which are critical to the organization.
 By implementing a wide range of administrative, physical and technical controls it provides enhanced information protection for the organization.