Saudi Aramco GI 299.225 CYBERSECURITY ACCEPTABLE USE POLICY

This document is a General Instruction (GI) from Saudi Aramco detailing the Cybersecurity Acceptable Use Policy, specifically GI 299.225. It establishes the mandatory cybersecurity requirements for the acceptable use of Saudi Aramco's information and technology assets to safeguard them from risks such as virus attacks, data leakage, and system disruptions.

The policy covers essential topics including purpose, scope, definitions of key terms like Technology Asset and End-User, specific acceptable use guidelines for general usage, internet, and email, as well as prohibitions against malicious software and unauthorized access. It also outlines responsibilities for protecting information technology assets, incident detection, reporting procedures, and the disciplinary actions for violations.

This guide is critical for ensuring compliance and maintaining the integrity of Saudi Aramco's digital infrastructure. Ideal for IT security analysts, compliance officers, and all Saudi Aramco end-users, including employees, contractors, and affiliates, working within the oil and gas industry.