Employee Security Policy

The purpose of this policy is to ensure the integrity of employees who are granted access to the information systems at the UTAS-Sur. This is to minimize the risks of misuse, destruction, or unauthorized access to university data.

This policy applies to all members of UTAS-Sur, whether on a temporary or permanent basis as well as any third parties working with or contracted by the university, it covers all environments where the university’s information systems are operated.  

Information Systems and Educational Technologies Center.

‏Assistant Vice Chancellor for UTAS – Sur.

Any violation of this policy by all members or third parties (suppliers, contractors, business partners, etc.) will be subject to disciplinary and legal actions in accordance with the laws of the Sultanate of Oman, including regulations related to cybersecurity, university’s policies, labor laws, and electronic transactions.

 Pre-Employment Screening: 

• The university must verify the background of candidates before hiring, ensuring compliance with relevant regulations and policies in Oman. 

• Background checks must include verification of criminal records, credit history, and academic qualifications. 

 

 Employment Terms and Controls 

• The employee’s responsibility for handling university information securely. 

• Obligations regarding third-party data confidentiality. 

• Non-disclosure agreements, if required by law or institutional policies. 

• Disciplinary procedures for violations of information security policies. 

• Employees, contractors, and third parties must sign employment contracts and security policy documents as a condition of access to university resources. 

 

Employee Access and Privileges 

• UTAS must implement a role-based access control system to restrict access to sensitive data. 

• Access rights must be reviewed periodically and revoked immediately upon termination or role changes. 

 

Disciplinary Procedures for Security Violations 

• Employees who violate information security policies will be subject to disciplinary measures, which may include warnings, suspension, or termination. 

• All disciplinary actions must be documented and enforced without exception. 

 

 Termination or Resignation Procedures 

• Upon an employee’s termination or resignation, all access rights to university systems must be revoked immediately. 

• Any university-owned devices, access credentials, or sensitive data must be returned before processing final settlements. 

• The Human Resources Department must notify the IT Security team of any changes in employment status. 

  

This policy shall take effect from the approval date.