Terms of use

- Your use of the Qassim University website constitutes your acceptance of these terms. If you do not accept them in full, your access to this site or any sub-site is unauthorized, and you must stop using it immediately.

- You agree to use the Qassim University website only for lawful purposes, and you will refrain from sending or transmitting any material through this website that may infringe or violate the rights of others or limit or inhibit their use of this website, or that is illegal, threatening, abusive, libelous, defamatory, invasive of the privacy or copyrights of others, contains obscene language, offends religions or sacred sites, or for any other unacceptable reason, or that encourages the commission of a crime. invade the privacy or copyrights of others, contain obscene language, offend or violate the sanctity of religions and sacred sites, are for any other reason unacceptable, are likely to encourage the commission of a crime or involve civil liability, or are in violation of any law.

- Qassim University website or any person involved in the preparation, production or distribution of any material on this website shall not be liable for any direct or indirect material or moral damage arising from the use of this website or the inability to use it or from any error, omission or defect found in it or from the incorrectness of the information it provides or from any delay or interruption in its transmission.

- You expressly agree to use this site at your own risk, assume all risks thereof, and agree that Qassim University does not warrant that the service contained in this site will be uninterrupted or error-free, that any defects will be corrected, or that the site or the means of delivery are free of viruses or bugs.

- The Qassim University website does not bear any financial or legal consequences resulting from the use of the information on the site.

- The provision of services by the Qassim University website relates, inter alia, to third parties, and the website is not responsible for any act or omission of a third party and will not be liable for any damage, loss and/or expenses incurred by a user and/or any third party as a result of and/or in connection with any such act or omission.

- Browsing the Site and using the services contained therein constitutes your tacit agreement that the Site may perform computerized monitoring of your use of its services through "cookies" and/or similar measures. The Site may use any such information to monitor, supervise, develop and/or maintain the quality, level and integrity of the Services and/or to comply with the provisions of any law, and/or for its own needs, including university services and surveys.

Acceptable Use Policy

1. Acceptable Use of Access Accounts

- Passwords should not be shared with any other party.

- Passwords should not be recorded or written down in any way.

- Users should use different work passwords than those used for personal accounts.

- Passwords should be changed immediately if there are any indications that they have been compromised or leaked.

- Passwords should always be changed when you log in for the first time.

- Passwords must be at least 8 characters long and include upper and lower case letters, numbers and symbols.

- Users should not share access to university systems with anyone else.

- Users should allow anyone to enter any non-public facilities using their access information or cards, or by following them into these areas.

- Any suspicious activity on accounts should be reported to our technical support team immediately.

2. Acceptable use of messaging systems

- Email services should only be used for work-related or educational purposes.

- University email should not be used for non-work related purposes (e.g. blogs and forums).

- Suspicious attachments or links in emails should not be opened and should be reported immediately to our technical support team.

- Personal email accounts should not be used to share university data.

- University-provided messaging services should only be used for work-related correspondence.

- Highly confidential data should not be sent using email or instant messaging systems.

- Confidential data must be encrypted (e.g., by protecting it with a password) when sent to external email addresses (non-University addresses).

- When sending confidential data via fax, inform the recipient in advance and ask for confirmation of receipt.

- When sending confidential data via email, the word "confidential" should be added to the subject line or body of the email.

3. Acceptable use of Internet and network services

- University Internet services should not be used to view or download inappropriate or offensive material (e.g., games, suspicious websites, copyrighted material).

- University Internet services must not be used to attempt to gain unauthorized access to any external system.

- When on the premises, users should only use the internet services provided by the Deanship of Information Technology.

- When away from the premises, users should only use trusted internet services.

- When connecting to VPN services provided by the university, users should ensure that the devices used have up-to-date anti-malware software and operating systems.

4. Acceptable use of office equipment

- The screen should be locked if the device is left unattended.

- Users should not attempt to install any software or hardware without obtaining the approval of the Deanship of Information Technology.

- Users should not modify device security settings (e.g. lockdown policies, firewall, antivirus, etc.).

- Devices should be positioned in a way that minimizes the possibility of the screen being seen by other individuals while in use.

- Any suspicious activity or malfunction of security programs (e.g., anti-virus software) observed should be reported immediately to the Technical Support Team.

5. Acceptable use of encryption

- Work data should not be encrypted unless required by this policy; or only do so after obtaining formal consent from the data owner and the Deanship of Information Technology.

- Work data can only be encrypted using encryption programs provided by the Deanship of Information Technology.

- Upon termination of an employment relationship or transfer to another position within the university, users must ensure that all encryption keys they manage are handed over to their immediate managers.

6. Acceptable use of social media

- It is not permissible to create accounts representing the university on social media sites, unless an official approval is obtained from the General Administration of Media and Communication.

- Users should not post any information related to the university on social media accounts in an official capacity.

- Any suspicious activity observed on the university's social media accounts (e.g., account hacking, leakage of sensitive data) should be immediately reported to the technical support team.

7. Acceptable use of data and storage media

- Top-secret data should only be stored in lockable offices or centralized storage or archiving facilities; for non-top-secret data, it can also be stored in office cabinets and drawers.

- Top secret or confidential data must be encrypted (using tools provided by the Deanship of Information Technology) when stored on removable or portable storage media, and deleted immediately after use.

- Media containing highly confidential data should not be connected to devices that have not been authorized and managed by the University.

- Storage media should not be left unattended in public or open spaces (e.g., on desktops, printers, faxes, in vehicles, etc.).

- Cabinets, drawers, and desks should be locked when left unattended (if they contain non-public data or media).

- Top secret or confidential data available to a user must not be shared with other users without the knowledge and consent of the data owner.

- Highly confidential, secret or restricted data available to the user must not be shared with outside parties without the written consent of the data owner.

- Data must not be published or shared publicly without the written consent of the data owner.

- Top secret or confidential data from business applications must not be exported without the written consent of the data owner.

- The classification (within the document's footer, or its name, for non-editable documents) and the name of the data owner (at least, for Top Secret and Confidential data) must be added to documents containing Top Secret, Confidential, or Public data.

- The physical transfer of media containing confidential data must be done either by officially authorized university personnel, or by authorized couriers.

- Media containing non-public data must be erased (using tools provided by the Deanship of Information Technology) before being reused by another user.

- Paper copies containing non-public data should be shredded when no longer needed.

- The loss of any media containing highly confidential or classified data must be reported to the technical support team within two days.

8. Acceptable use of mobile and personal devices

- Personal devices should not be connected to the university's internal wired or wireless networks (with the exception of the guest wireless network).

- Personal devices should be protected using biometric authentication (e.g., fingerprint); if this feature is not available, passwords or patterns should be used.

- Software should only be installed from official and trusted app stores.

- Personal device settings should be configured so that all programs and operating systems update automatically.

- Personal device settings should be configured to lock if not used for five minutes or less.

- Only personal devices running iOS, Android, or Windows operating systems can be used.

- Personal devices should not be shared with anyone else, unless the device allows for the configuration of isolated profiles or workspaces.

- Highly confidential data should not be stored on mobile or personal devices.

- When users are in a public or open area, they should always keep mobile devices with them.

- Mobile devices should not be left unattended in the office, unless they are locked and secured with an inanimate object (e.g. through safety cables).

- Devices should not be left in cars when exiting the vehicle.

- University-issued mobile devices should not be shared with anyone else.

- The University has the right to remotely wipe the contents of personal devices when they are stolen, lost, or compromised.

- The University has the right to suspend access to any service in case of suspected suspicious behavior, until the incident is investigated and resolved.

- The loss or theft of any mobile or personal device must be reported to the technical support team within two days.

- Any suspected breach of a mobile or personal device should be reported to our technical support team within two hours.

- Users should notify technical support immediately if they find a device reported lost (to avoid wiping the contents of the device and resetting passwords, if possible).

9. The right to monitor users' activities

- The university has the right to monitor users' activities on the systems and services provided by the university, to the extent necessary to ensure the protection of the university's systems and data, while respecting the privacy of users as much as possible.

10. Responsibility for reporting incidents and vulnerabilities

- Users must immediately notify the Technical Support Team of any events that they suspect may adversely affect the confidentiality, integrity or availability of systems or data (e.g., system compromise, data leakage, receipt of phishing emails, etc.).

- Users should immediately notify the technical support team if they discover any vulnerability in any of the systems or services they are using (e.g. the ability to access data they should not have access to).

- The Site reserves the right to modify these Terms at any time and in any form it deems appropriate.