Digital Transformation

Basic Standards

19 March 2024

Document Type: Standards

Document Classification: Public

Issue No. 3.0

Document No.: DGA-1-2-1-111
Table of Contents

1. Introduction 4

2. Objectives 5

3. Digital Transformation Measurement Methodology 6

4. Scope and Application 9

5. Digital transformation standards 12

First Section: Strategy and Planning 12

5.1 Digital transformation planning 12

5.2 Digital Transformation governance 15

5.3 Enterprise Architecture 19

Second Section: Organization and Culture 24

5.4 Digital Culture and Environment 24

5.5 Developing digital transformation leaders 27

5.6 Building Competencies 30

Third Section: Processes and operation 33

5.7 Work procedures 33

Fourth Section: Risks Management & Business Continuity 37

5.8 Risks Management 37

5.9 Business Continuity 45

Fifth Section: Information Technology 55

5.10 Systems that support digital transformation 55

5.11 Technological Services Infrastructure 60

5.12 Cloud Architecture 68

Sixth Section: Whole-of-Government 70

Digital Transformation Basic Standards DGA-1-2-1-111

2
5.13 Whole-of-government platforms 70

Seventh Section: Channels and Services 81

5.14 Digital services quality 81

5.15 Digital Channels and Services 84

Eighth Section: Beneficiary Centrality 89

5.16 Beneficiary participation 89

5.17 Enhancing relationship with the beneficiary 93

5.18 Beneficiary Experience 96

Ninth Section: Government Data 100

5.19 Data Governance and Management 100

5.20 Data Usage and Availability 103

5.21 Open Data 106

Tenth Section: Research and Innovation 109

5.22 Institutional Innovation 109

5.23 Innovative Solutions 113

6. Table of Definitions 115

7. Appendices 119

7.1 Measurement Mechanism 119

7.2 Mechanism of Compliance Verification 121

7.3 Mechanism for Inquiry or Information Request 122

7.4 High Orders, Council of Ministers Resolutions and Relevant Circulars 124

7.5 Frequently Asked Questions (FAQ) 135

7.6 List of relevant government agencies according to the scope of standards 138

Digital Transformation Basic Standards DGA-1-2-1-111

3
1. Introduction
The Digital Government Authority (DGA) works on enhancing digital performance within Government Agencies,

raising quality of services, enhancing beneficiary experience of such services, supporting digital transformation and

contributing to increasing investment returns and the value of the national economy, in order to achieve the

aspirations of our ambitious vision 2030 to reach advanced levels in the field of digital government.

Since the Digital Government Authority (DGA) is the competent authority for all matters related to digital government,

and the national reference in its affairs, and based on its competence to regulate the activities of digital government

in government agencies, as stipulated in Article (3) of the Digital Government Authority Regulations issued by the

Council of Ministers’ Resolution No. (418) dated 25/07/1442 AH,. Referring to the provisions of the fifth and sixth

paragraphs of Article (4) of the aforementioned Regulations, which state on the functions and competencies of the

Digital Government Authority, involving: “Issuance of metrics, indicators, tools and reports, to measure the

performance of Government Agencies and their capabilities in the field of digital government and beneficiary's

satisfaction, as well as to follow up on Government Agencies’ compliance with decisions and high orders issued in

relation to digital government transactions, in accordance with the frameworks and standards set by the DGA.”

From this standpoint, the Digital Government Authority (DGA) has developed the third issue of the "Digital

Transformation Basic Standards" document, as one of the standards issued by the DGA, and government agencies

must adhere to its provisions. It is also the primary tool for measuring the performance and capabilities of government

agencies in the field of digital government; through the Digital Transformation Measurement Index. The document

included the controls and standards drawn from the DGA’s Regulations, High Orders, Council of Ministers’ Resolutions

and circulars issued in this regard. The document is one of the regulatory documents for the digital government

regulatory framework, and it contributes effectively to creating a regulatory environment that supports sustainable

government digital transformation. It also enhances the capabilities of government agencies and improve their level

of performance and effectiveness, which in turn will be reflected in accelerating the pace of government digital

transformation.

The document clarifies the methodology for measuring digital transformation and its basic levels. The digital

transformation standards are one of those levels that apply the "concept of digital transformation" by strategically

transforming and developing business models to digital models based on data and advanced technologies.

Digital Transformation Basic Standards DGA-1-2-1-111

4
2. Objectives

This document aims to define the digital transformation standards by clarifying their compliance
requirements and supporting documents for each standard, in order to achieve the following:

1. Fostering Government Agencies’ compliance with high orders, council of ministers’

resolutions and circulars related to digital transformation.

2.Improving government agencies’ performance and effectiveness by meeting the digital

transformation standards requirements.

3.Improving the quality of digital government services provided to beneficiaries.

4. Contributing to the Kingdom's progress in relevant international indicators.

Digital Transformation Basic Standards DGA-1-2-1-111

5
3. Digital Transformation Measurement Methodology

The Digital Government Authority (DGA) has developed the "Digital Transformation Measurement Methodology" in

this document by integrating the standards derived from High Orders, Council of Ministers’ Resolutions, circulars and

the digital transformation standards into one section under the name "Digital Transformation Basic Standards". Figure

(1) shows the result of merging the two sections. This merger aims to improve alignment with international

experiences in measuring digital transformation and provide a unified reference framework that supports the concept

of Whole-of-Government, and standardize and simplify standards and avoid repetition of some (related) topics, which

previously appeared in both sections. "Creativity in Digital Transformation" has also been developed previously to

become one of the digital transformation standards in this document, under the name of "Research and Innovation".

It includes aspects related to institutional innovation and innovative solutions to enable Government agencies to

improve their readiness towards adopting innovation and sustaining the innovative environment, in addition to

measuring the impact of sustaining innovative solutions and following up on their continuous improvement.

Digital Transformation Basic Standards 2024

1. Standards derived from

Royal Orders and Council
of Ministers’ Resolutions

Digital Transformation Basic

Standards

2. Digital Transformation
Standards

Digital Transformation Basic Standards 2023

Digital Transformation Basic Standards DGA-1-2-1-111

6
The measurement methodology of digital transformation – Figure (2) – included three basic levels:

1. Sections: They represent the first level of the methodology and main component of the digital transformation

process that reflects the strategic directions of digital government. There are ten main sections, including a

number of related axes.

2. Axes: They represent the second level of the methodology. Axes are related to the topic of the section it drawn

upon. They are twenty-three axes, and each axis includes a number of digital transformation standards.

3. Standards (Digital Transformation Standards): They represent the third level of the methodology. The

standards are a set of metrics, rules and controls governing processes and tasks related to digital government.

The document includes ninety-six standards.

Digital Transformation Measurement

Methodology
Risks
Processes Channels Research
Strategy and Organization Management Whole-of- Beneficiary
Planning and Culture
and and Business IT Government
and
Centrality
Government Data and Sections
Operation Continuity Services Innovation

5.1 5.10
5.4
Digital Culture Systems that 5.16 5.19 Data
Digital support digital Beneficiary Governance and
and 5.8
Transformation transformation 5.14 Digital Participation Management 5.22
Environment
Planning Services Institutional
Risks
Quality Innovation
Management

5.2 5.5 5.13 Axes

5.11 5.20 Date
Digital Developing digital Whole-of- 5.17 Enhancing
5.7 Technological Usage and
Transformation transformation government Relationship with
Work Procedures Services Availability
Governance leaders platforms the Beneficiary
Infrastructure

5.15 Digital
5.9 Channels 5.23
Business and Innovative
5.3 5.6 Continuity Services 5.18 Solutions
5.12 Cloud 5.21 Open
Beneficiary
Institutional Building Architecture Data
Experience
Architecture Competencies

Figure (2): Digital Transformation Measurement Methodology

Digital Transformation Basic Standards DGA-1-2-1-111

7
Figure (3) shows the structure of standards card, which has been updated after the merger of the standards drawn

from High Orders, Council of Ministers’ Resolutions, circulars and digital transformation standards into one section.

The card included the "number and text of the standard" related to the axis, in addition to the "objective" of applying

the standard and the expected results. The card also included the “compliance requirements” that explain and clarify

the main requirements for applying the standard (with sequential or non-sequential conditions or specific steps).

The standard card contains "proof documents" that clarify the mechanism for verifying the application of the

standard, whether it is (a report, document, attachment of a specific plan, forms or certificate), as stipulated in the

document. The card highlights the orders, decisions, circulars and the like related to digital transformation. The card

specifies the relevant government agencies, which must apply that standard; the scope may include all government

agencies or allocated to specific agencies. These agencies have been identified and updated in the list of government

agencies concerned with the application of those standards.

Standard
Text of the Standard
Number
Objective Objective and expected impact

<Requirement1>
Compliance
<Requirement2>
Requirements
<...>

<Supporting document 1>

Supporting <Supporting document 2>
documents Attachments required from the Agency, which reflect the Agency’s compliance with the
standard

Related Orders, < High Order/Council of Ministers’ Resolution/ Circular 1>

Resolutions and < High Order/Council of Ministers’ Resolution/ Circular 2>
Circulars References and legal basis for the standard

Scope
Defining government entities for which the standard is applicable

Figure (3): Standards card structure

Digital Transformation Basic Standards DGA-1-2-1-111

8
4. Scope and Application

The DGA has prepared this document to define the digital transformation standards that government
agencies must apply and adhere to, in accordance with the following:

First Section: Strategy and Planning

It includes three main axes aimed at developing strategic plans for digital transformation, according to the
following:
• Digital transformation planning.
• Digital Transformation governance.
• Institutional structure.

Second Section: Organization and Culture

It includes three main axes aimed at enhancing digital culture of the Agency's employees, according to the
following:
• Digital Culture and Environment.
• Developing digital transformation leaders.
• Building competencies.

Third Section: Processes and operation

It includes a main axis aimed at designing and documenting work procedures and processes in the government
agency, according to the following:
• Work procedures.

Fourth Section: Risks Management & Business Continuity

It includes two main axes aimed at enhancing the agency's ability to identify risks that would affect the
continuity of digital government services, according to the following:
• Risks Management.
• Business Continuity.
•

Digital Transformation Basic Standards DGA-1-2-1-111

9
 Fifth Section: Information Technology

It includes three main axes aimed at fulfilling requirements of the application and systems architecture that
support digital transformation, according to the following:
• Systems supporting digital transformation.
• Technical services infrastructure.
• Cloud architecture.

Sixth Section: Whole-of-government

It includes a main axis aimed at promoting the application of the whole-of-government approach, according to
the following:
• Whole-of-government platforms.

Seventh Section: Channels and Services

It includes two main axes aimed at identifying all channels through which the agency can provide the services, according
to the following:
• Digital services quality.
• Digital channels and services.

Eighth Section: Beneficiary Participation

It includes three main axes aimed at enhancing the role of the beneficiary and transforming it to an effective partner in
the development and improvement of digital government services, according to the following:
• Beneficiary participation.
• enhancing the relationship with the beneficiary.
• Beneficiary experience.

Digital Transformation Basic Standards DGA-1-2-1-111

10
 Ninth Section: Government Data

It includes three main axes aimed at implementing the regulations and standards related to government data and its
development mechanism, according to the following:
• Data governance and management.
• Data usage and availability.
• Open data.

Tenth Section: Research and Innovation

It includes two main axes aimed at adopting innovation and sustaining the innovative environment, according to the
following:
• Institutional innovation.
• Innovative solutions.

Digital Transformation Basic Standards DGA-1-2-1-111

11
5. Digital transformation standards
First Section: Strategy and Planning
5.1. Digital transformation planning

The axis includes the development of a digital transformation plan and a roadmap developed by the government agency for the
development of basic systems and processes, to define the agency's vision and the strategic objectives that the agency wishes to
achieve from digital transformation.

5.1.1 Strategic Planning for Digital Transformation

Developing a strategic plan for digital transformation to be in line with the DGA’ strategy and the
Objective
objectives of the Saudi Vision 2030.

1) Preparing a strategy for digital transformation/ e-government transactions transformation, to

include the following:
a. Strategic vision, mission, pillars and objectives, to be linked to the agency’s strategy.
Compliance
b. Strategic initiatives and projects and strategic performance indicators.
Requirements
c. The model of achieving integration with the relevant external parties to achieve the
objectives.
d. Competencies and skills necessary to achieve the plan’s objectives.

Supporting 1) Attaching the approved strategic plan for digital transformation, which includes all compliance
documents requirements of the standard, to be approved within a period not exceeding 36 months.

Related Orders,
▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraph No. (16).
Resolutions and
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

12
 5.1.2 Executive Planning for Digital Transformation
Developing a digital transformation implementation plan according to best practices based on the
Objective agency’s digital transformation strategic plan, and identifying mechanisms and timelines for
implementation and follow-up.

1) Developing an implementation plan for digital transformation/e-Government transformation based

on the strategic plan, to include:
a. Detailed list of initiatives and projects related to digital transformation.
Compliance
b. Determining the timetable for the implementation of these initiatives and projects and stages of
Requirements
implementation.
c. Setting interim (operational) objectives.
d. Identifying performance indicators for the implementation plan.

Supporting 1) Attaching the approved implementation plan for digital transformation, which includes all
documents compliance requirements of the standard, to be approved within a period not exceeding 12 months.

Related Orders,
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Resolutions and
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

13
 5.1.3 Establishing a Unit for Managing Digital Transformation Projects

Establishment of a unit for managing digital transformation projects to ensure efficiency of digital
Objective
projects, and follow up the digital transformation progress.

1) Establishment of a unit for managing digital transformation projects at the agency.

2) Existence of a clear structure for the digital transformation projects management unit and identifying
Compliance
limits of powers and responsibilities.
Requirements
3) Following up on the progress of digital transformation/ e-transformation periodically, and including
the results within the agency's annual report.

1) Attaching a document proving that the agency has established an office to manage digital
transformation projects.
Supporting
2) Attaching the approved structure of the digital transformation projects management unit to clarify
documents
the limits of powers and responsibilities.
3) Providing a copy of the report pages that prove that the agency has included the digital
transformation measurement report in its annual report.

Related Orders,
▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraph No. (22).
Resolutions and
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs(1), (10) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

14
5.2. Digital Transformation governance
The axis includes the standards and requirements for implementing a system that governs relations between the main parties
that affect the performance and determining the responsibilities in the government agencies. The axis also includes the most
important elements needed to enable the government agency to govern digital transformation in the long term.

5.2.1 Adopting a digital transformation governance framework

Developing a general framework for digital transformation governance that aims to follow up on the
Objective
implementation of digital transformation plans and ensure the achievement of the objectives.

1) Developing a digital transformation governance framework that covers all initiatives and
processes related to digital transformation.
2) Defining the monitoring and measurement mechanism, and the periodic reporting forms, through
which progress in the implementation of digital transformation initiatives and projects will be
measured.
Compliance 3) Identifying departments and committees responsible for governance and change processes,
Requirements including the governance and management of shared products and services.
4) Unifying the departments supervising information technology under a general department
named the General Department of Information Technology and linked to the chief officer or his
representative, and allocating a properly qualified general manager.
5) Formatting the e-Transactions/Digital Transformation Committee under the chairmanship of the
chief officer or his representative and membership of the relevant departments/ agencies.

1) Attaching an approved governance framework that fulfills the compliance requirements related
to this standard and clarifies the mechanisms for following on up implementation and measuring
performance.
2) Attaching evidences proving that the agency has identified the departments and committees
responsible for governance and change processes, including the governance and management of
shared products and services.
3) Attach the agency's organizational structure, showing the unification of the departments
Supporting supervising information technology under one general department.
documents 4) The decision to appoint the IT general manager or a statement from the Enterprise Resource
Management System stating that a Saudi qualified person has been appointed at this position.
5) Submitting a decision to form an internal committee concerned with everything related to e-
government transactions or digital transformation, with a clarification of the administrative
positions of the committee members and membership of the chief officer for each department
concerned with e-government transactions, and chief officer responsible for information
technology and administrative development. It shall be headed by the agency's chief officer or
his representative. The main tasks of this committee include the supervision and follow up on the

Digital Transformation Basic Standards DGA-1-2-1-111

15
 implementation of its e-transactions plan, and coordination with the DGA in this regard.

▪ Royal Order No. (8189/MB) dated 19/06/1426 AH,.

▪ Royal Order No. 7732 dated 12/02/1440 AH, Clause (Fourth).
▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraph No. (3) of Clause
Related Orders, (Ninth).
Resolutions and ▪ Council of Ministers’ Resolution No. (240) dated 23/07/1428 AH, Clauses (First), (Second) and
Circulars (Third).
▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraph No. (17).
▪ Council of Ministers’ Resolution No. (252) dated 16/07/1431 AH,.
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (11).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

16
 5.2.2 Applying a digital transformation governance framework

Implementing the digital transformation governance framework, monitoring the progress of

Objective
implementation processes and taking the necessary corrective actions.

1) Developing a card for each digital transformation initiative.

2) Issuing periodic performance reports for digital transformation initiatives and projects showing
the completion percentage of implementation stages.
3) Holding periodic meetings for departments and committees responsible for controlling and
governance of digital transformation.
4) Issuing corrective decisions and actions based on the results of follow-up and governance
periodic reports.
Compliance
5) Using a methodology and developing policies and processes for projects management.
Requirements
6) Preparing models for managing digital transformation projects that include, at a minimum, the
following:
a. Project charter.
b. Project scope.
c. Project schedule.
d. Project cost plan.
e. Project progress report.

Attaching documents and samples that prove the agency's compliance with the requirements of
applying this standard:
1) 3 Samples of initiative cards.
2) 3 Samples of periodic performance reports.
Supporting
3) 3 Samples of minutes of meetings.
documents
4) 3 Samples of corrective decisions and actions.
5) Attaching samples of the documents proving that the agency has a methodology, policies and
processes for managing the projects.
6) Attaching samples of project management forms that meet the requirements of applying this
standard.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (10).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

17
 5.2.3 Enhancing cooperation in the field of digital transformation governance

Implementing mechanisms for governance of initiatives and joint projects between the agencies to
Objective achieve the objectives in the digital transformation, control the progress of the implementation
processes and take the necessary corrective actions.

1) Agreeing on a joint mechanism for governance of digital transformation initiatives and

projects and joint products between government agencies. The mechanism clarifies the
targeted parties, type and objectives of cooperation required, and the schedule for
implementation stages.
Compliance 2) Forming joint committees necessary to follow up the governance of joint project and
Requirements initiatives.
3) Issuing periodic performance follow-up reports for joint initiatives and projects showing the
progress in implementing cooperation with the targeted government agencies.
4) Conducting periodic meetings for joint committees responsible for controlling and governance
of joint initiatives and projects.

Attaching documents and samples that prove the agency's compliance with the requirements of
applying this standard:
Supporting 1) Shared Governance Mechanism.
documents 2) Sample of the decisions to form joint committees.
3) 3 samples of periodic performance follow up reports.
4) 3 Samples of minutes of meetings.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

18
 5.3. Enterprise Architecture

The axis includes practices and controls to study the current state of the government agency, and build a roadmap for the
transition to the future state to achieve alignment between the business sector (services and procedures), information
technology (data, applications, and infrastructure), and the government agency’s strategic objectives.

5.3.1 Establishment of the Enterprise Architecture Unit

Establishing the Enterprise Architecture Unit to support the recognition of strategic objectives and
Objective
digital transformation.

1) Launching a project for the Enterprise Architecture at the agency through an internal team or
through external consultants.
2) Establishing an organizational unit for the Enterprise Architecture to be directly linked to the
Compliance
agency’s senior management, or to the unit supervising digital transformation.
Requirements
3) Forming a committee for the governance of Enterprise Architecture.
4) Developing or adopting a model for the Enterprise Architecture unit to interact with other
administrative/ organizational units.
5) Preparing and approving Enterprise Architecture policies and procedures.

Accreditation certificate in the event that the agency obtains the national Enterprise Architecture
accreditation certificate (third or fourth level) within a period not exceeding two years from the date of
its issuance. The certificate can be accepted as a proof document within a maximum of three months
from its expiry date.
If this certificate is not available, the agency must provide the following:
1) An approved document proving the launch of an Enterprise Architecture project at the agency
Supporting through an internal work team or through external consultants. This document shall include the
documents Enterprise Architecture scope and the time plan of the project.
2) An approved document proving the establishment of an administrative unit for the Enterprise
Architecture.
3) An approved document of the formation of a governance committee and structure and mechanism
of its work.
4) An approved document for the interaction model between the Enterprise Architecture unit and
other administrative/ organizational units at the agency.
5) An approved document of the Enterprise Architecture policies and procedures.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (9).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

19
 5.3.2 Application of Enterprise Architecture Practice

Applying the Enterprise Architecture practice and enhancing institutional work by taking advantage of
Objective
Enterprise Architecture methodologies in digital transformation.

1) Determining the applied Enterprise Architecture methodology such as Nora or other methodologies
to be valid for application and identifying and building the general model of the Enterprise
Architecture components (Metamodel).

2) Developing objectives, requirements and challenges and aligning them with strategic objectives.

3) Documenting the current state of business architecture, application architecture, data architecture
and technical architecture at the agency, and the documentation level required (conceptual, logical,
physical).

4) Developing documents on the future status of the business architecture, application architecture,
data architecture and technical architecture at the agency, based on the strategic objectives of the
agency's digital transformation, while benefiting from the international references appropriate to
Compliance
the agency's work nature and the services it provides.
Requirements
5) Listing and analyzing the gaps between the current and future status and classifying them into
interconnected working groups.

6) Developing a roadmap for digital transformation to implement the initiatives and projects resulting
from the gap analysis process. The roadmap shall include the following points:

a. Detailed cards for initiatives and projects.

b. Performance indicators through which progress in implementation is evaluated.
c. Implementation schedule.
d. Mechanisms for monitoring and measuring performance indicators.
7) Developing and building the Enterprise Architecture repository to inventory its components based
on the agency's needs and objectives.

Accreditation certificate in the event that the agency obtains the national Enterprise Architecture
accreditation certificate (third or fourth level) within a period not exceeding two years from the date of
its issuance. The certificate can be accepted as a proof document within a maximum of three months
from its expiry date.
If this certificate is not available, the agency must provide the following:

Supporting 1) Framework document, general model and methodology applied.

documents 2) Alignment document between the Enterprise Architecture’s objectives and the agency's strategic
objectives.

3) Current state documents of business architecture, application architecture, data architecture and
technical architecture at the agency.

4) Future state documents of business architecture, application architecture, data architecture and
technical architecture and alignment with the Enterprise Architecture’s objectives.

Digital Transformation Basic Standards DGA-1-2-1-111

20
 5) Document of gaps analysis between current and future state.

6) Document of the agency's digital transformation roadmap, indicating (initiatives and projects,
performance indicators, schedule, and follow-up and measurement mechanisms).

7) Samples of indicator board, reports and components of the Enterprise Architecture repository.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (9).

Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

21
 5.3.3 Follow-up and implementation of Enterprise Architecture

Enhancing the Enterprise Architecture’s role in following up and implementing the digital
Objective
transformation map.

1) Benefiting from the technical systems and Enterprise Architecture repository to reflect the data of
Enterprise Architecture components and follow up the implementation processes related to the
roadmap.
2) Monitoring and updating the Enterprise Architecture components continuously.
3) Implementing digital transformation initiatives and projects in alignment with the concerned
Compliance departments.
Requirements 4) Issuing periodic reports on the implementation of Enterprise Architecture through technical
systems and Enterprise Architecture repository, and measuring performance indicators.
5) Working continuously, through the unit responsible for Enterprise Architecture, to study and
analyze periodic reports and take preventive and corrective decisions and actions necessary to
achieve the digital transformation’s objectives at the agency, based on the approved governance
framework.

Accreditation certificate in the event that the agency obtains the national Enterprise Architecture
accreditation certificate (third or fourth level) within a period not exceeding two years from the date
of its issuance. The certificate can be accepted as a proof document within a maximum of three
months from its expiry date.
If this certificate is not available, the agency must provide the following:
Supporting 1) Sufficient samples of technical systems and Enterprise Architecture repository proving the agency's
documents compliance with the application requirements related to this standard (3 samples).
2) Samples of periodic reports issued from technical systems and Enterprise Architecture repository
(3 samples).
3) Official minutes and documents proving that the agency has studied and analyzed periodic reports
and performance indicators and taken the necessary corrective and preventive decisions and
actions (3 samples).

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

22
 5.3.4 Enhancing the institutional structure’s role in digital transformation and measuring impact

Enhancing the Enterprise Architecture unit's role in sustaining digital transformation/ financial planning
Objective
participation/ achievement of strategic objectives.

1) Developing digital transformation plans on an ongoing basis to benefit from and take advantage of
previous stage results to achieve the agency's objectives and enhance the utilization of technology,
and enable the agency to accurately measure performance through periodic reports issued by the
Compliance
Enterprise Architecture unit and the Enterprise Architecture repository.
Requirements
2) Using and applying the latest technologies in implementing digital transformation plans.
3) Monitoring performance indicators and governance processes, by providing proactive reports to
senior management that contribute to improving performance, reducing costs and financial and
time resources, and achieving the Enterprise Architecture's benefits and values.

Accreditation certificate in the event that the agency obtains the national Enterprise Architecture
accreditation certificate (fourth level) within a period not exceeding two years from the date of its
issuance. The certificate can be accepted as a proof document within a maximum of three months from
its expiry date.
Supporting
If this certificate is not available, the agency must provide the following:
documents
1) Documents proving that the agency has developed and updated digital transformation plans on an
ongoing basis, based on the Enterprise Architecture’s reports.
2) Documents proving that the agency has employed the latest technologies to improve Enterprise
Architecture practice and digital transformation.
3) Periodic reports of the institutional structure on follow-up and impact assessment.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

23
 Second Section: Organization and Culture
5.4. Digital Culture and Environment

The axis includes practices and programs that raise the familiarity level of digital transformation concepts and adopt these
concepts in the organization to contribute to the promotion of digital culture among the government agency’s employees.

5.4.1 Preparing Studies and Programs for the Promotion of Digital Culture and Environment

Identifying the level of awareness among the government agencies’ employees of digital
Objective
transformation and preparing the studies and programs necessary to raise this awareness.

1) Preparing a study to determine the level of awareness of the agency's employees about digital
transformation and its importance, and their familiarity with digital transformation plans and
initiatives and their completion rates, as well as the fields of digital transformation. Then,
identifying the gaps in this regard at the different levels within the agency.
Compliance 2) Preparing awareness programs for the government agency's employees on the importance of
Requirements digital transformation processes, to include:
a. Identification of the targeted groups and objectives to raise awareness of digital
transformation among the agency's employees in various units and administrative levels.
b. Choosing the means and channels that will be used in the programs aimed at raising awareness
of digital transformation and the schedule for implementing these programs.

1) Attach documents proving that the agency has studied the level of awareness of its employees
Supporting about digital transformation.
documents 2) Attaching awareness programs document prepared by the agency to raise awareness of its
employees about digital transformation, which meets the requirements of applying this standard.

Related Orders,
▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraph No. (16).
Resolutions and
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, Paragraph No. (3).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

24
 Implementing and improving programs to raise awareness of digital transformation and
5.4.2
measuring its impact
Implementing approved programs to raise the agency’s employees awareness of digital
Objective
transformation and measure the impact resulting from the implementation of these programs.

1) Implementing awareness programs for the government agency’s employees on the importance
of digital transformation, and establishing the activities and events necessary in this respect.
2) Organizing awareness workshops for the agency’s employees on the need to abide by laws and
regulations related to controls of using information and communication technologies.
3) Organizing events to introduce the agency’s employees to digital transformation plans and
Compliance
initiatives and their completion rates through various channels.
Requirements
4) Implementing awareness activities involving leaders aimed at increasing employees' adoption of
digital transformation process and active contribution (Leader’s driven Digital adoption).
5) Preparing periodic reports on the activities and events implemented to raise awareness and
follow up them by the e-Government Committee - Digital Transformation Committee – at the
agency or by other committees acting on their behalf, and taking corrective measures.

1) Three samples proving that the agency has fulfilled the compliance requirements related to this
standard with regard to informing its employees of the importance of digital transformation
processes, and the need to abide by laws and regulations related to the controls of using
Supporting information and communication technologies, and digital transformation plans and initiatives
documents and their completion rates.
2) Three samples demonstrating the participation of leaders in awareness-raising activities.
3) A sample of completion reports, committee minutes and corrective decisions related to digital
transformation awareness-raising programs that meet the compliance requirements of this
standard.

▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraph No. (16).
Related Orders,
▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraph No. (4) of Clause
Resolutions and
(Ninth).
Circulars
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (3).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

25
 5.4.3 Using technical tools to assist in implementing the agency's businesses

Promoting the adoption of technical tools to improve the daily or regular activities of the agency's
Objective
employees.

1) Providing a mechanism to respond to the employees’ requests of any software or licenses that
support digital tools used by the agency's employees in their daily tasks.
Compliance
2) Organize training workshops or short courses for these digital tools.
Requirements
3) Training the authorized employees of the agency on the use of information systems and
resources.

1) Attaching the mechanism or proof of practice that meets the compliance requirements of this
Supporting standard.
documents 2) Attaching photos and completion reports of workshops and courses and evidences that the
agency's employees have applied these tools and used information systems and resources.

Related Orders,
▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraph No. (1) of Clause
Resolutions and
(Ninth).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

26
 5.5. Developing digital transformation leaders

The axis includes the concept of developing leadership and executive skills in the field of digital transformation in a way that
enhances human, technical and operational capabilities of the government agency.

5.5.1 Planning to Qualify Digital Transformation Leaders

Objective Qualifying digital transformation leaders and building leadership capacities in the government agency.

1) Preparing an analytical study of the current situation and identifying the training needs of digital
transformation leaders at the agency, and the needs of digital leadership competencies and
national competencies specialized in the fields of digital government business.
2) Preparing a plan for developing digital transformation leaders at the agency, and raising their
performance level in the areas of digital government business, to include the following:
a. Specifying the programs, courses and activities necessary for developing digital
transformation leaders. These programs shall be theoretical, applicable and of a long-term
Compliance
nature.
Requirements
b. Identifying names and positions of digital transformation leaders participating in these
programs and activities.
c. Setting a schedule for implementing these programs.
d. Developing criteria and methodology for selecting digital transformation leaders to qualify
them. This includes Investing in qualifying future leaders. Leaders shall be from different
sectors, departments, sections and fields to support digital transformation, and are not limited
to IT departments.

Supporting 1) Analytical study of the current situation that meets the compliance requirements of this standard.
documents 2) A plan for developing digital transformation leaders at the agency, and raising their performance
level in the areas of digital government business that meet the requirements of this standard.

▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraphs No. (1) and (3) of
Related Orders, Clause (Ninth).
Resolutions and ▪ Council of Ministers’ Resolution No. (418) dated 25/07/1442 AH, Paragraph No. (11) of Article (4)
Circulars of the Digital Government Authority's Regulations.
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph (2).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

27
 5.5.2 Implementing and following up on the plan to qualify digital transformation leaders
Implementing a plan to qualify digital transformation leaders to ensure the recognition of their
Objective
objectives and measuring the resulting impact.

1) Identifying and approving a mechanism for follow-up and measurement, and preparing periodic
follow-up reports for the plan, which include, at a minimum, the following:
a. Detailed list of approved training programs that have been implemented (providers and
implementation dates).
Compliance
b. Training courses certificates.
Requirements
2) Issuing periodic follow-up reports of the plan by the e-Government Transactions Committee –
Digital Transformation Committee – at the agency or by other committees acting on their behalf.
3) Studying and analyzing periodic reports and issuing decisions and corrective actions based on the
results of follow-up periodic reports.

1) The mechanism adopted to follow up and measure the impact of digital transformation leadership
qualification programs (including the list of training programs and samples of certificates, 3
samples at least).
Supporting 2) A sample of periodic follow-up reports to implement the digital transformation leadership
documents qualification plan.
3) A sample of minutes proving that the e-Government Transactions Committee - Digital
Transformation Committee – has studied the periodic reports, followed up on the implementation
and took corrective decisions.

Related Orders, ▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraph No. (3) of Clause
Resolutions and (Ninth).
Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph (2).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

28
 5.5.3 Involving digital transformation leaders

Involving qualified leaders in the digital transformation process and motivating them to effectively
Objective
make decisions in the agency.

1) Involving qualified leaders in the field of digital transformation in committees active in digital
Compliance transformation process and decision-making processes, and benefiting from their experiences and
Requirements qualifications in implementing strategic initiatives in digital transformation.
2) Appointing new qualified leaders to leadership positions, if any.

1) Sample of the decisions to form committees active in digital transformation process, and
Supporting
identifying the names of qualified leaders involved in supporting digital transformation.
documents
2) Sample of the decisions to appoint qualified leaders, if any.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

5.5.4 Collaboration and recruitment at the level of digital transformation leaders

Activating the exchange of experiences between leaders within the agency or with external parties
Objective
and recruiting national competencies specialized in digital government business.

1) Recruiting specialized national competencies to meet the need of digital leadership

competencies, or involving distinguished leaders in other entities such as secondment and
Compliance
assignment.
Requirements
2) Organizing workshops and conferences for digital transformation leaders at the agency level or
with other external parties.

Supporting 1) A list of the names of leaders who were recruited/ seconded from/ to other agencies.
documents 2) Sample of workshops and conferences held with other government agencies.

▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraphs No. (1) and (3) of
Related Orders, Clause (Ninth).
Resolutions and ▪ Council of Ministers’ Resolution No. (418) dated 25/07/1442 AH, Paragraph No. (11) of Article (4)
Circulars of the Digital Government Authority's Regulations.
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph (2).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

29
 5.6. Building Competencies.

The axis includes the standards and requirements for developing the process of building human capacity and competencies and
enabling workforce to deal with digital technologies and solutions that enhance their innovation capabilities to develop tasks,
business and services using the latest digital solutions and technologies.

5.6.1 Developing a plan to build competencies in digital transformation

Enhancing the government agencies’ competencies in digital transformation fields by developing

Objective the capabilities of their employees at the intermediate and lower job levels, or by recruiting the
necessary competencies.

1) Preparing an analytical study of the current state of the levels and capabilities of the agency’s
employees in digital government business.
2) Preparing a competency building plan to develop the agency employees’ skills and raise their
performance level in the fields of digital government, and updating this plan periodically to
include:
Compliance a. Objectives of the competency building plan, to be compatible with the agency's strategy
Requirements and its digital transformation plan.
b. Training and employment programs, training fields and their levels (basic, intermediate,
advanced) and job specializations, noting that short courses and workshops are not
appropriate in this field.
c. Those targeted by these programs and their numbers.
d. Schedule of these programs and performance indicators.

Supporting 1) Analytical study of the current state.

documents 2) Competency building plan that meets the compliance requirements of this standard.

▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraphs No. (1) and (3) of
Related Orders, Clause (Ninth).
Resolutions and ▪ Council of Ministers’ Resolution No. (418) dated 25/07/1442 AH, Paragraph No. (11) of Article (4)
Circulars of the Digital Government Authority's Regulations.
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph (2).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

30
 Implementing, measuring and improving a plan to build competencies in digital
5.6.2
transformation fields
Implementing a plan to build competencies in the field of digital transformation in order to achieve
Objective the required impact in the same field, and measuring and improving these programs based on the
periodic reports.

1) Identifying and approving a mechanism for follow-up and measurement, and preparing periodic
follow-up reports for the plan, which include, at a minimum, the following:
a. Detailed list of the training programs that have been implemented (providers and
implementation dates) and experiences that have been employed - according to the
approved competency building plan.
Compliance
b. Copies of training programs certificates, CVs and affiliation statements for the experiences
Requirements
that have been recruited.
2) Issuing periodic follow-up reports of the plan by the e-Government Transactions Committee –
Digital Transformation Committee – at the agency or by other committees acting on their behalf.
3) Studying and analyzing periodic reports and issuing decisions and corrective actions based on
the results of periodic follow-upreports.

1) The mechanism adopted to follow up and measure the impact of competencies building
programs in the field of digital transformation that meet the compliance requirements of this
standard (3 samples).
Supporting 2) A sample of periodic follow-up reports to implement the competencies building plan in the field
documents of digital transformation.
3) A sample of meeting minutes proving that the e-Government Transactions Committee - Digital
Transformation Committee – has studied the periodic reports, followed up on the
implementation and took corrective decisions.

▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraphs No. (1) and (3) of
Related Orders, Clause (Ninth).
Resolutions and ▪ Council of Ministers’ Resolution No. (418) dated 25/07/1442 AH, Paragraph No. (11) of Article (4)
Circulars of the Digital Government Authority's Regulations.
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph (2).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

31
 5.6.3 Cooperation in building competencies in digital transformation

Activating cooperation with other government agencies to build the competencies of the agency's
Objective
employees at the intermediate and lower job levels.

1) Signing memorandums of understanding or cooperation agreements with other government agencies

that achieve integration in the completion of the agency's capacity-building programs.
Compliance
2) Preparing follow-up reports that show joint programs that have been implemented to build
Requirements
competencies in the field of digital transformation, the names of the trainees, and places and dates of
implementation.

1) Samples of memorandums of understanding or cooperation agreements with government agencies

Supporting related to competencies building programs that meet the compliance requirements of this standard.

documents 2) A sample of follow-up reports for joint competencies building programs that meet the compliance
requirements of this standard.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).

Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

32
Third Section: Processes and operation
5.7. Work procedures

The axis includes the standards and requirements of the process through which work procedures and processes in the
government agency are designed and documented. Work procedures are designed in a clear sequence according to Laws,
Regulations and responsibilities specified in the agency's organizational structure, in order to enable automation and digital
transformation.

5.7.1 Identifying all processes and work procedures

Identifying all government agency's processes and procedures and updating the inventory lists on
Objective an ongoing basis.

1) Identifying all procedures and processes within the agency to include, at a minimum, the
following:
a. Name and brief description of the process or procedure.
Compliance b. Department/ unit owning the procedure.
Requirements c. Classification of each procedure (main, supporting, administrative).
d. Degree of importance of each procedure according to a mechanism established by the
agency.
e. Specifying the level of automation (fully automated, partially automated, traditional).

Supporting
1) Attaching the procedures document that meet the compliance requirements of this standard.
documents

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

33
 5.7.2 Documenting and measuring the performance of processes and procedures
Carrying out comprehensive documentation and measuring the performance of processes and
Objective
procedures effectively.

1) Documenting the administrative works and procedures of the processes and procedures clearly
and accurately and approving them by the chief officer at the agency or his representative.
2) Developing cards to document all processes and procedures clearly and accurately, and
approving them by the chief officer at the agency or his representative. These cards shall
include the following elements:
a. Name of process and procedure.
b. Unified and unique code for the process or procedure.
c. A brief description of the process or procedure.
Compliance d. Person in charge of the process or procedure (agency/ department/ sector).
Requirements e. Classification of the process or procedure (main, administrative, supporting).
f. Level of importance.
g. A procedure flow diagram showing the functions and roles (BPMN) or a documentation
method.
h. Performance indicators for the process or procedure at the activity level within the
procedure.
3) Measuring the procedures performance through the approved indicators for each process or
procedure in the card that has been developed.
4) Periodic follow up of the procedure performance and identification of improvement
opportunities.

1) Attaching documents proving that the administrative works and procedures of processes and
procedures have been documented and approved by the chief officer in the agency or his
representative.
2) Attaching various samples (3 samples) from different departments (outside the procedures and
Supporting
processes of IT Department) of procedures documentation cards that meet the compliance
documents
requirements of this standard.
3) Attaching various samples (3 samples) of reports showing that the agency has measured the
approved performance indicators.
4) Attaching various samples (3 samples) of periodic follow-up reports showing the
improvements made to the processes or procedures.

Related Orders,
▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraph No. (10).
Resolutions and
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph (6).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

34
 5.7.3 Re-Engineering of Processes and Procedures

Continuous improvement, development and re-engineering of the processes and procedures to

Objective
ensure operational efficiency.

1) Redesigning and continuously improving the administrative works and procedures of the
agency's services and works, to include the following:
a. Justifications for improvements made to each procedure according to qualitative and
quantitative analysis.
Compliance b. Adopting a mechanism for numbering improved copies and update date.
Requirements c. Documenting the areas of improvement implemented on the process or procedure, the
expected impact of this improvement and its measurement mechanism by updating
performance indicators and its follow up mechanism.
d. Involving relevant departments and units in improvement processes.
e. Linking digital services to and benefiting from improved procedures.

1) Attaching 5 diverse and recent samples of re-engineered procedures in accordance with the
compliance requirements, showing the following:
a. Justifications for improvements made to each procedure according to qualitative and
quantitative analysis.
Supporting
b. A mechanism for numbering improved copies and update date.
documents
c. Areas of improvement implemented on the process or procedure, the expected impact of
this improvement and its measurement mechanism.
d. Departments involved in improving and redesigning procedures.
e. Services associated with improved procedures.

Related Orders,
Resolutions and ▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraph No. (11).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

35
 5.7.4 Automation of Processes and Procedures
Objective Automating processes and procedures to reduce human intervention and increase work efficiency.

1) Automation of processes and procedures, and automation process shall include performance
indicators of each process.
2) Utilizing all available modern technologies to automate processes and procedures (such as
Compliance
RPA, Low-Code technologies, etc.).
Requirements
3) Developing follow-up screens that issue periodic reports to monitor the implementation of
automated processes and procedures, and measure performance indicators in real time.
4) Issuing periodic reports showing the success rates of partially or fully automated processes and
procedures to identify the levels of progress in automating processes and procedures.

1) Attaching diverse and recent samples of the automated procedures screens (5 samples).
2) Attaching evidences proving that the agency used modern technologies to automate processes
Supporting and procedures.
documents 3) Attaching diverse samples (3 samples) of follow-up screens that measure performance
indicators in real time.
4) Sample of periodic follow-up reports that allow to monitor the success rates of automated
processes and procedures (3 samples).

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (7).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

36
 Fourth Section: Risks Management & Business Continuity
5.8. Risks Management

The axis includes standards and requirements to enhance the agency's ability to identify risks that will affect the continuity of
digital government services and to understand, analyze and address these risks to ensure business continuity at government
agencies and proactive identification of risks.

5.8.1 Building a policy and a governance for risk management system

Establishing components and elements for governance of risks management system, and defining
Objective the roles, responsibilities and powers of those concerned to support the implementation of the risk
management system within the agency effectively, in line with the agency's strategic objectives.

Compliance requirements to be met by all government agencies

1) Establishing an administrative unit responsible for the risks management system adopted by
the agency, in line with the approved organizational structure.
2) Appointing an officer to manage the risks management system with sufficient competencies
and powers.
3) Defining roles and responsibilities for the risks management system.
4) Assigning a team to carry out the roles, responsibilities and tasks in the risks management
system, based on the needs and business of the agency.
5) The agency's senior management shall establish an internal steering committee to supervise
the agency's risks management system, chaired by the chief officer at the agency or his
representative.
6) Developing the charter of the steering committee responsible for the risks management
Compliance
system, after its approval and circulation by the agency's senior management.
Requirements
7) Conducting the meetings of the steering committee periodically.
8) Creating and adopting a risk management policy in line with the agency's objectives and
sharing it with stakeholders.
9) Creating and adopting a risk management framework document and sharing it with
stakeholders.
10) Creating and adopting risks management procedures and sharing it with stakeholders.
11) Creating a risk register form for all administrative units in the agency and updating it
periodically, to include the following:
a. Risk identifier.
b. Risk owner.
c. Risk description.
d. Root causes and consequences of the risk.

Digital Transformation Basic Standards DGA-1-2-1-111

37
 e. Assessment of latent risk (latent impact, latent probability, degree of latent risk).
f. Controls applied to reduce the impact and risk occurrence probability.
g. Assessing the effectiveness of controls applied.
h. Assessing the residual risk (degree of latent risk and effectiveness of controls applied).
i. Risks Treatment Strategy.
j. Planned treatment plans to deal with the risk.
k. Owner of risk treatment plans.
l. Completion date of risks treatment plans.
m. Implementation rate and status of risks treatment plans.
12) Preparing an annual plan to assess the risks of all administrative units in the agency, and
approve this plan by the authorized person.

Compliance requirements to be met by the concerned government agencies specified in Appendix

No. 7.6

13) Assessing the maturity level of the current risks management system in the agency, and
determining the maturity level to be reached within a specified period of time.
14) Creating and adopting risks management strategy.
15) Implementing the roadmap to achieve the risk management objectives and reach the targeted
maturity level.
16) Creating the risks leaders document in the agency to coordinate, implement and follow up on
risk management works and submit relevant reports.
17) Creating risks reporting document.
18) Implementing reporting mechanism with standardized forms and channel for reporting risks.
19) Creating a dashboard to display the agency's risk statistics, including, but not limited to
(number of risks, risks ratings, risk assessment, etc.).
20) Creating and adopting a document of levels of acceptance and risk tolerance for the agency in
line with the agency’s strategic directions and objectives, and sharing it with stakeholders.

Documents required from all government agencies

1) Attaching the approved organizational structure of the administrative unit responsible for the
risk management system, and everything needed to meet compliance requirements.
2) Attaching the decision to appoint the risk management system administrator.
Supporting 3) Attaching a document that documents the roles and responsibilities of the administrative unit
documents responsible for the risks management system.
4) Attaching samples of the job description of the risks management system staff.
5) Attaching the decision to form the steering committee responsible for overseeing the risks
management system and everything needed to meet the compliance requirements.
6) Attaching the charter of steering committee responsible for overseeing the approved risks

Digital Transformation Basic Standards DGA-1-2-1-111

38
 management system and everything needed to meet the compliance requirements.
7) Attaching adequate samples of the minutes of meetings of steering committee responsible for
overseeing the risks management system.
8) Attaching a documented and approved risks management policy, and providing evidences that
it has been shared with stakeholders.
9) Attaching a documented and approved risks management framework, and providing evidences
that it has been shared with stakeholders.
10) Attaching documents showing documented and approved risk management procedures, and
providing evidences that they have been shared with stakeholders.
11) Attaching the risk register form used by the agency, in accordance with the compliance
requirements of this standard.
12) Attaching the annual risk assessment plan for all administrative units in the approved agency.

Documents required from the concerned government agencies specified in Appendix No. 7.6

13) Attach the assessment report of the maturity level of the agency's current risk management
system.
14) Attaching a documented and approved risk management strategy, and everything needed to
meet the compliance requirements.
15) Attaching documents that demonstrate that the roadmap has been implemented to achieve
risks management objectives.
16) Attaching the approved risks leaders document, in accordance with the compliance
requirements of this standard.
17) Attaching the approved risks reporting document.
18) Attaching the documents proving the application of the risks reporting mechanism.
19) Attaching sample of the risk information display boards used in the agency.
20) Attaching the levels of acceptance and tolerance of approved risks document, in accordance
with the compliance requirements of this standard.

Related Orders, ▪ Digital Government Authority’s Circular No. (2044) dated 28/12/1443 AH, on Risks
Resolutions and Management Controls.
Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (19).

All government agencies and the concerned government agencies specified in Appendix No. 7.6, as
Scope
indicated in this card.

Digital Transformation Basic Standards DGA-1-2-1-111

39
 5.8.2 Identification, analysis, assessment and treatment of risks
Identifying and assessing the internal and external risks, determining risks probability occurrence
and their expected impact on the achievement of objectives and strategies, and developing
Objective
appropriate solutions to address risks to reduce their occurrence probability and/or mitigate their
impacts.

Compliance requirements to be met by all government agencies

1) Understanding the work environment to identify internal and external risks and threats at the
level of the agency and administrative units by holding workshops with risks owners.
2) Issuing and documenting the risk register, to include:
a. Identification of internal and external risks and threats and reflect them in the agency's risk
register.
b. Analysis and assessment of internal and external risks and threats and reflect them in the
agency's risk register.
c. Identifying appropriate treatment plans for each risk.
3) Sharing and approving the risks register of the relevant administrative unit by the risks owners
Compliance
and the chief officer of the administrative unit.
Requirements
4) Submitting periodic reports showing the results of the risks assessment to the steering
committee responsible for the risks management system and stakeholders based on the
approved frequency in the risks management framework.

Compliance requirements to be met by the concerned government agencies specified in Appendix

No. 7.6

5) Identifying, analyzing and assessing the most important risks or major risks at the agency's level
using a top-down or bottom-up methodology.
6) Specifying the appropriate treatment plans for the most important risks or major risks at the
agency's level and the implementation completion date.
7) Identifying key risk indicators (KRIs) at the agency level.

Documents required from all government agencies

1) Attaching a sample of documents proving that workshops have been convened with the risk
owners, in accordance with the compliance requirements of this standard.
Supporting 2) Attaching the updated risks register, in accordance with the compliance requirements of this
documents standard.
3) Attaching a sample of the documents proving the sharing and approving the risks register of the
relevant administrative unit by the risk owners and the chief officer of the administrative unit.
4) Attaching samples of reports showing the results of risks assessment to the steering committee
responsible for the risks management system.

Digital Transformation Basic Standards DGA-1-2-1-111

40
 Documents required from the concerned government agencies specified in Appendix No. 7.6

5) Attaching a register of the most important risks or major risks. This register shows the
appropriate treatment plans at the agency level and the implementation completion dates.
6) Attaching Key Risks Indicators (KRIs) document.

Related Orders, ▪ Digital Government Authority’s Circular No. (2044) dated 28/12/1443 AH, on Risks Management
Resolutions and Controls.
Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (19).

All government agencies and the concerned government agencies specified in Appendix No. 7.6, as
Scope
indicated in this card.

5.8.3 Review, follow up and communication about risks

Controlling and monitoring risks to ensure the improvement of quality and effectiveness of risks
Objective
assessment and treatment process.

Compliance requirements to be met by all government agencies

1) Updating the agency's risks register by those responsible for risks management, to include:
a. Periodically controlling and monitoring the status of the agency's identified internal and
external risks.
b. Monitoring addressed controls and plans and evaluating their effectiveness periodically.
c. Periodically following up on the implementation rates of risks treatment plans within the
specified time period.

Compliance 2) Submitting risk reports to senior management, internal and external committees and

Requirements stakeholders based on the approved frequency in the risks management framework, including,
but not limited to, the following:
a. Comprehensive risks status report.
b. Top risks report.
c. Key risk indicators report.

Compliance requirements to be met by the concerned government agencies specified in Appendix

No. 7.6

3) Periodically update the most important risks or key risks, and key risk indicators (KRIs).

Documents required from all government agencies

1) Attaching documents proving the periodic updating of the risks register, which meets the
Supporting compliance requirements of this standard.
documents 2) Attaching adequate samples of comprehensive risk status reports that have been submitted to
senior management, internal and external committees and stakeholders, which meet the
compliance requirements of this standard.

Digital Transformation Basic Standards DGA-1-2-1-111

41
 Documents required from the concerned government agencies specified in Appendix No. 7.6

3) Attaching samples of documents proving the periodic update of the most important risks, and
samples of key risk indicators (KRIs).

Related Orders, ▪ Digital Government Authority’s Circular No. (2044) dated 28/12/1443 AH, on Risks Management
Resolutions and Controls.
Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (19).

All government agencies and the concerned government agencies specified in Appendix No. 7.6, as
Scope
indicated in this card.

5.8.4 Training and raising-awareness of risk management

Training all employees and stakeholders and raising awareness of risk management to ensure that
Objective
the agency's objectives and strategies are met.

Compliance requirements to be met by all government agencies

1) Analyzing training needs in cooperation with the administrative unit concerned with human
resources within the agency to understand the training requirements of risks management.
2) Developing and implementing a training plan for risk management staff and risk leaders
commensurate with the roles and responsibilities stipulated in the agency's risks management
system.
3) Developing and implementing a plan for risks management awareness campaigns for the
agency's employees to promote risk culture, using one of the following activities:
a. Awareness messages through different communication channels.
Compliance
b. Global and local risks reports and newsletters.
Requirements
c. Awareness workshops, meetings and open discussions.
d. Risks Awareness Week.
e. Digital education platforms.
4) Reviewing and updating the awareness campaigns plan and promoting risks management
culture in the agency on an annual basis.

Compliance requirements to be met by the concerned government agencies specified in Appendix

No. 7.6

5) Developing and implementing a training plan for risks leaders that correspond to the roles and
responsibilities stipulated in the agency's risks management system.

Documents required from all government agencies

1) Attaching the training needs report in cooperation with the administrative unit concerned with
Supporting
human resources.
documents
2) Attaching the training plan for risks management employees, and samples of documents
proving the implementation of the training plan for risks management employees.

Digital Transformation Basic Standards DGA-1-2-1-111

42
 3) Attaching the risks management awareness program of the agency's employees, and samples of
documents proving the implementation of the risk management awareness program to the
agency's employees.
4) Attaching samples of the documents proving the review and update of the awareness campaigns
plan and deploying risks management culture in the agency.

Documents required from the concerned government agencies specified in Appendix No. 7.6

5) Attaching the training plan and samples of documents proving the implementation of the
training plan for risks management leaders.

Related Orders, ▪ Digital Government Authority’s Circular No. (2044) dated 28/12/1443 AH, on Risks Management
Resolutions and Controls.
Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (19).

All government agencies and the concerned government agencies specified in Appendix No. 7.6, as
Scope
indicated in this card.

5.8.5 Continuous development and improvement of risk management

Reviewing risks management procedures and processes to improve the agency's capacity, raise the
Objective
effectiveness level of risks management system and apply best practices and standards.

Compliance requirements to be met by all government agencies

1) Reviewing and updating the documents of the risks management system periodically according to the
approved review mechanism for each document or when a fundamental change occurs to the agency's
strategic or operational objectives, to include the following:
a. Risks management policy.
b. Risks management strategy.
c. Risks management framework.
d. Risks management procedures.
e. Acceptance and tolerance levels of risks document.
Compliance
2) Using and developing standardized forms to implement risk management processes at the agency
Requirements level, including, but not limited to (risk register, risk escalation and acceptance forms, risk reports,
risk dashboards).
3) Reviewing the effectiveness of implementing and applying the risk management system on an annual
basis, using one of the following review methods:
a. Self-assessment
b. KPI assessment
c. Internal or external audit/ review.
4) Reporting the review results of effectiveness of implementing and applying risks management system,
and compliance assessment results to senior management and steering committee responsible for the
risk management system, to ensure that appropriate corrective actions are taken.

Digital Transformation Basic Standards DGA-1-2-1-111

43
 Compliance requirements to be met by the concerned government agencies specified in Appendix No.
7.6

5) Preparing a mechanism for archiving and storing the risk management system data and documents to
ensure the business continuity of the administrative unit.
6) Implementing and developing an annual plan to assess the level of compliance with relevant
regulatory controls.

Documents required from all government agencies

1) Attaching documents proving the risk management system documents have been reviewed and
updated, in accordance with the compliance requirements of this standard.
2) Attaching the models for implementing risk management processes used in the agency.
3) Attaching the annual report of the review results of the effectiveness of implementing and applying
the risk management system.
Supporting 4) Attaching evidence on reporting the review results of effectiveness of implementing and applying

documents risks management system, and compliance assessment results to senior management and steering
committee responsible for the risk management system, to ensure that appropriate corrective
actions are taken.

Documents required from the concerned government agencies specified in Appendix No. 7.6

5) Attach a document clarifying the mechanism of archiving and storing the risk management system
data and documents in the agency.
6) Attaching the annual plan to assess the level of compliance with relevant regulatory controls.

Related Orders, ▪ Digital Government Authority’s Circular No. (2044) dated 28/12/1443 AH, on Risks Management

Resolutions and Controls.

Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (19).

All government agencies and the concerned government agencies specified in Appendix No. 7.6, as
Scope
indicated in this card.

Digital Transformation Basic Standards DGA-1-2-1-111

44
 5.9. Business Continuity
The axis includes the standards and requirements for the government agency to continue providing its priority activities at
predetermined levels after an interruption, and enhance its flexibility to respond to any interruption it encounters, and enable it
to restore its priority products and services within a specific time.

5.9.1 Establishment of Business Continuity System

Developing the general framework and defining the roles and tasks of the concerned persons and
Objective departments involved in planning, implementing, reviewing, and developing a Business Continuity
Management System (BCMS).

1) Appointing an officer to manage the business continuity system who has the competencies and
powers to manage the business continuity system.
2) Appointing a team to carry out the roles and responsibilities in the business continuity
management system, consisting of a sufficient number of qualified employees.
3) Establishing a steering committee responsible for following up the implementation of the
business continuity management system in the agency, chaired by the head of the agency or his
deputy. The steering committee shall have the necessary powers to support the business
continuity system.

Compliance 4) Developing the charter of the steering committee responsible for the business continuity

Requirements system, after its approval and circulation by the agency's senior management.
5) Developing and approving the business continuity policy and reviewing it periodically, or when
a fundamental change occurs in the operation environment or the agency's strategic objectives.
6) Establishing and approving the agency's business continuity management framework.
7) Enhancing business continuity management system by allocating responsibilities and roles to
the system, to clarify:
a. Those responsible for business continuity plans of concerned departments.
b. Coordinators for business continuity plans from the concerned departments (business
continuity leaders).
c. Recovery team of technical and communication disasters of business continuity system.

1) Attaching evidence of the appointment of the business continuity management officer.

2) Attaching evidence of the appointment of a team that assumes roles and responsibilities in the
business continuity management system, and clarifying the roles and responsibilities of the
Supporting team.
documents 3) Attaching the decision to form the steering committee responsible for overseeing the activities
of the business continuity system.
4) Attaching the documented and approved charter of the steering committee, and clarifying its
competencies, powers and membership, in a manner that meets all compliance requirements.

Digital Transformation Basic Standards DGA-1-2-1-111

45
 5) Attaching a documented and approved business continuity management policy, and evidence
on the periodic review thereof, in accordance with the compliance requirements of this
standard.
6) Attaching the approved business continuity management framework document, in a manner
that meets all compliance requirements.
7) Attaching document indicating those responsible for business continuity plans of concerned
departments.
8) Attaching document indicating the coordinators for business continuity plans from the
concerned departments (business continuity leaders).
9) Attaching document indicating the recovery teams of technical and communication disasters of
business continuity system.

Related Orders, ▪ Digital Government Authority’s Circular No. (1878) dated 24/09/1443 AH, on Business
Resolutions and Continuity Management Standards.
Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (19).

Scope All government agencies.

5.9.2 Training and awareness of business continuity management system

Raising awareness of all employees and relevant parties about business continuity and enhancing
Objective their training on their roles and responsibilities within the scope of business continuity
management system.

Compliance requirements to be met by all government agencies

1) Analyzing training needs in collaboration with HR to develop training requirements for business
continuity management system skills.
2) Ensuring that employees have been trained on multiple skills to manage business continuity
system, and developing job succession plans (to avoid single points of failure) of business
continuity system activities.
3) Implementing a program to deploy the culture of business continuity in the agency; through
Compliance
training and specialized workshops for all parties participating in the business continuity system
Requirements
at least once a year, and when a fundamental change occurs in the agency operations.

Compliance requirements to be met by the concerned government agencies specified in Appendix

No. 7.6

4) Sharing the approved business continuity policy with internal stakeholders.

5) Convening awareness workshops on business continuity management for senior management

at the agency level.

6) Convening awareness workshops for business continuity leaders at the agency level.

Digital Transformation Basic Standards DGA-1-2-1-111

46
 Documents required from all government agencies

1) Attaching the approved plan or document that includes the training needs and training
requirements of business continuity for the employees of the unit concerned with the
management of the business continuity system.
2) Attaching evidences on the implementation of awareness workshops and campaigns on
business continuity management, showing that the employees have been trained on multiple
skills to manage the business continuity system, and the job succession plan for the business

Supporting continuity unit's employees as approved by the agency.

documents 3) Attaching evidences on the implementation of special training awareness programs for those
involved and participating in the business continuity system.

Documents required from the concerned government agencies specified in Appendix No. 7.6

4) Providing evidences on sharing the approved business continuity policy with internal
stakeholders.
5) Providing evidences on convening awareness workshops on business continuity management
for senior management at the agency level.
6) Providing evidences on convening awareness workshops for business continuity leaders at the
agency level.

Related Orders, ▪ Digital Government Authority’s Circular No. (1878) dated 24/09/1443 AH, on Business
Resolutions and Continuity Management Standards.
Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (19).

All government agencies and the concerned government agencies specified in Appendix No. 7.6, as
Scope
indicated in this card.

Digital Transformation Basic Standards DGA-1-2-1-111

47
 Analyzing the impact of business interruption and assessing risks and threats to the
5.9.3
business continuity system
Analyzing the impact resulting from the interruption of processes and procedures that provide
products and services in the agency, determining the targeted recovery time for key services after
Objective an interruption, and assessing risks, internal and external threats and critical points of failure that
may affect priority activities and determining their expected impact in the event of an interruption
or disturbance, and developing solutions to address or mitigate their impact.

Compliance requirements to be met by all government agencies

1) Inclusion of all internal and external processes and procedures carried out by the agency,
determining internal and external approvals, and appointing a staff for the processes and
procedures that have been included.
2) Analyzing the impact of the business interruption using the agency’s approved interruption
impact assessment matrix, according to the extent of acceptance of impact and risks adopted by
the agency, and reviewing the analysis of the business interruption impact at least annually, or
when a fundamental change occurs in the agency’s operations or strategic objectives.
3) Specifying the targeted recovery period of critical business services, and recovery time
objectives (RTO).
4) Determining the human, logistical and technical resources, infrastructure and alternative
procedures necessary to implement the service or procedure after the interruption.
5) Submitting a comprehensive report on business interruption impact analysis to the steering

Compliance committee for approval.

Requirements 6) Assessing and reviewing risks and threats to the continuity of the agency's business on an
ongoing basis, and aligning them with the agency's approved risk management methodology.
7) Identifying and monitoring risks and threats that may interrupt or disrupt the priority operations
and actions of the agency, and aligning them with the relevant parties.
8) Determining the impacts of internal and external risks on the agency’s operations and
procedures.
9) Identifying and evaluating controls applied to deal with the risks and threats that affect the
continuity of the agency’s business.
10) Determining the appropriate additional or compensatory controls to confront risks and threats
that affect the continuity of the agency’s business.
11) Presenting the risk and threat assessment results to the business continuity steering committee,
as part of the results of analyzing business interruption impact analysis, for approval.

Digital Transformation Basic Standards DGA-1-2-1-111

48
 Compliance requirements to be met by the concerned government agencies specified in Appendix
No. 7.6

12) Determining the Medium-Term Development Plan (MTDP) for business interruption of products,
services, processes and activities, and Minimum Business Continuity Objective (MBCO).
13) Classifying the importance level of government platforms and applications and adhering to the
targeted recovery times for each level, according to the interruption impact assessment matrix
issued by the Digital Government Authority through (Raqmi) portal.

Documents required from all government agencies

1) Attaching an approved list or register of all internal and external processes and procedures used
to analyze the impact of business interruption.
2) Attaching Interruption Impact Matrix.
3) Attaching samples of reports showing the results of business interruption impact analysis,
including the recovery time objectives (RTO), to be approved by the steering committee or the
stakeholders.
4) Attaching evidences on the inclusion of human, logistical and technical resources, infrastructure
and alternative procedures necessary to implement the service or procedure after the
interruption.
5) Attaching evidence on sharing the results of business interruption impact analysis with the
steering committee and its approval by the committee.
Supporting 6) Attaching reports indicating that the business interruption impact analysis has been reviewed.
documents 7) Attaching sample of the results of risk and threat assessment and risks treatment strategies and
their impact within the business continuity system, in accordance with the requirements of this
standard.
8) Attaching evidences on the submission of the report of the risk assessment report that affects
the business continuity of the agency, as submitted to the relevant committees.

Documents required from the concerned government agencies specified in Appendix No. 7.6
9) Sample of business interruption impact analysis results reports, including recovery time
objectives (RTO), Medium-Term Development Plan (MTDP) and Minimum Business Continuity
Objective (MBCO), as approved by the steering committee or stakeholders.
10) Evidences on the classification of the importance level of government platforms and
applications and adhering to the targeted recovery times for each classification, according to the
interruption impact assessment matrix issued by the Digital Government Authority through
(Raqmi) portal.

Related Orders, ▪ Digital Government Authority’s Circular No. (1878) dated 24/09/1443 AH, on Business
Resolutions and Continuity Management Standards.
Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (19).

All government agencies and the concerned government agencies specified in Appendix No. 7.6, as
Scope
indicated in this card.

Digital Transformation Basic Standards DGA-1-2-1-111

49
 5.9.4 Defining a Business Continuity Strategy
Defining business continuity recovery strategies that provide solutions according to the outputs of
Objective business interruption impact analysis, and risk and threat assessment, and developing a roadmap to
improve the efficiency of various business continuity plans.
Compliance requirements to be met by all government agencies
1) Defining recovery strategies, including technical systems, digital services, telecommunications,
backup systems and remote solutions, whether within the agency or hosted on cloud computing
or managed by third parties.
2) Approving recovery strategies by the business continuity steering committee.
3) Reviewing recovery strategies at least annually, or when a fundamental change occurs in the
agency's operational or strategic objectives.
Compliance
Compliance requirements to be met by the concerned government agencies specified in Appendix
Requirements
No. 7.6
4) Analyzing cost-benefit to measure and prioritize the effectiveness of business continuity
management strategies and solutions, and approving the same by the business continuity
steering committee.
5) Determining main suppliers and services assigned to external parties according to the outputs
of the business interruption impact analysis. Suppliers and services must undergo further
scrutiny to ensure that resilience of the supply chain is strengthened.
Documents required from all government agencies
1) Attaching adequate samples of recovery strategies that meets the compliance requirements of
this standard.
2) Attaching evidences on the adoption of recovery strategies by the business continuity steering
Supporting committee.
documents 3) Attaching evidences on the review of the agency's approved strategies.
Documents required from the concerned government agencies specified in Appendix No. 7.6
4) Attaching evidences on the implementation of the cost-benefit analysis of the business
continuity strategies and its submission to the business continuity steering committee.
5) Attaching evidences on the determination of the main suppliers and services assigned to
external parties according to the outputs of the business interruption impact analysis.

Related Orders, ▪ Digital Government Authority’s Circular No. (1878) dated 24/09/1443 AH, on Business
Resolutions and Continuity Management Standards.

Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (19).

All government agencies and the concerned government agencies specified in Appendix No. 7.6, as
Scope
indicated in this card.

Digital Transformation Basic Standards DGA-1-2-1-111

50
 5.9.5 Building business continuity plans and providing alternative backup data centers
Identifying and documenting procedures based on the outputs of selected strategies and solutions,
thus building IT disaster recovery plans in addition to accidents response plans and business
Objective
continuity plans, and thereby contributing to ensuring the agency's capability to respond to crises,
interruptions, or emergencies, and thus reducing the impact on its operations.

Compliance requirements to be met by all government agencies

1) Preparing and approving business continuity plans based on approved business continuity
management strategies.
2) Reviewing and testing business continuity plans at least once a year, or when a fundamental
change occurs at the agency.
3) Finding alternative backup centers for storing data, and centers for sensitive systems for storing,
operating and testing data in accordance with the international standards.
4) Identifying key objectives of the ICT disaster recovery plan including dependencies on external
suppliers and any outsourced services.
5) Creating ICT recovery plans to restore digital platforms, applications, services and data in a
timely manner to achieve the recovery time objectives (RTO) of the agency.
6) Defining backup and recovery methods and procedures to restore system operations quickly and
effectively after a service interruption.
7) Communicating with the Digital Government Authority in the event of an interruption of digital
services according to the user guide to report the interruption of digital government services
Compliance
through (Raqmi) portal.
Requirements
8) Documenting events in the event of an interruption of operations, explaining the responsibilities
and powers related to the collection, approval and updating of activity records, job test results
and data, lessons learned and post-incident report.
9) Ensuring that information security and cybersecurity regulations are activated at all times,
especially when activating the ICT disaster recovery plan for alternative sites.
10) Testing and reviewing ICT disaster recovery plans at least once a year, or when a fundamental
change occurs to the agency's IT infrastructure, to ensure its readiness in the event of any
interruption.
11) Creating and approving incidents response plan.
12) Reviewing and testing the incident response plan periodically at the agency.

Compliance requirements to be met by the concerned government agencies specified in Appendix

No. 7.6

13) Establishing and approving a media communication and response plan, including procedures for
dealing with relevant external parties.
14) Reviewing and testing the media response plan periodically at the agency.

Digital Transformation Basic Standards DGA-1-2-1-111

51
 Documents required from all government agencies

1) Attach sufficient samples of the agency’s approved business continuity plans to meet all
compliance requirements
2) Attaching evidences on the review of the business continuity plans and samples of reports of
business continuity plans testing results.
3) Attaching maintenance and operation contracts that include the alternative disaster recover
(DR) centers for keeping data, and centers for sensitive systems for keeping data and operating
and testing the procedures, in accordance with the international standards adopted by the
agency.
4) Attaching sample of ICT disaster recovery plans associated with the agency's digital platforms,
applications, services, and data that meet the compliance requirements of this standard.
5) Attaching the backup and recovery procedures document for the defined processes within the
business interruption impact.
Supporting
6) Attaching adequate samples showing reporting of digital services interruption to the Digital
documents
Government Authority.
7) Attaching a sample of the event documentation record in the event of interruptions or during
the periodic tests of plans.
8) Attaching adequate samples proving the activation of information security and cybersecurity
controls during the activation or testing IT disaster recovery plans or evidence on reviewing the
cybersecurity of plans.
9) Attaching adequate samples of reports illustrating the testing and review of technical and
communications disaster recovery plans.
10) Attaching the agency's incident response plan document approved by authorized person to meet
the compliance requirements.
11) Attaching reports showing testing results of incident response plans.

Documents required from the concerned government agencies specified in Appendix No. 7.6

12) Attaching the agency's media response plan document approved by the stakeholder.
13) Attaching reports showing testing results of media response plans.

▪ Council of Ministers’ Resolution No. (82) dated 22/03/1431 AH, Recommendation (14).
▪ Digital Government Authority’s Circular No. (1878) dated 24/09/1443 AH, on Business
Related Orders,
Continuity Management Standards.
Resolutions and
▪ Digital Government Authority’s Circular No. (1533) dated 23/05/1443 AH, on reporting the
Circulars
interruption of digital government services issued to all government agencies.
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph (19).

All government agencies and the concerned government agencies specified in Appendix No. 7.6, as
Scope
indicated in this card.

Digital Transformation Basic Standards DGA-1-2-1-111

52
 5.9.6 Exercises and tests related to business continuity
Measuring the effectiveness of business continuity plan(s) and the incident response structure to ensure

Objective the application of business continuity policy and achievement of business continuity management
objectives.

1) Creating a table of all tests and exercises for the various business continuity plans, and approving it
Compliance by the business continuity steering committee on an annual basis.

Requirements 2) Implementing the tests and exercises approved by the business continuity steering committee.
3) Documenting the official post-exercise report or planned test.
4) Sharing post-training or testing reports with members of the business continuity steering committee.

1) Attaching the annual tests and exercises document or table approved by the business continuity
steering committee.
Supporting
2) Attaching sample of approved test or exercises reports.
documents
3) Attaching evidences on the documentation of the official post-exercise report or planned test.
4) Attaching evidences on sharing test and exercise reports with the business continuity steering
committee.

Related Orders, ▪ Digital Government Authority’s Circular No. (1878) dated 24/09/1443 AH, on Business Continuity

Resolutions and Management Standards.

Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (19).

Scope All government agencies.

5.9.7 Continuous documentation and improvement of business continuity system

Documenting the lessons learned from the implementation of the business continuity management
system, actual incidents, exercises, tests and audits results, conducting routine maintenance
activities to maintain and improve the business continuity management system after its
Objective
establishment, improving the agency’s resilience, raising the effectiveness level of the management
system by applying multiple review methods, effectively addressing cases of non-conformity, and
implementing corrective actions to address these cases.

1) Reviewing the business continuity management system periodically (at least annually) through
an internal or external auditor who has sufficient qualifications and experience to implement
Compliance this task.
Requirements 2) Sharing the results of internal and external audits with the business continuity committee to
ensure that corrective action are taken.
3) Ensuring that business continuity plans, ICT recovery plans, media response plan and incident
response plan are developed and updated based on the outputs of the verification phase.

Digital Transformation Basic Standards DGA-1-2-1-111

53
 1) Attaching a report showing the results of the business continuity management system review.
Supporting 2) Attaching evidence on sharing the results of the business continuity management system review
documents with the business continuity committee.
3) Attaching evidence on the development and update of business continuity plans, and fill of gaps
identified by the audit reports.

Related Orders, ▪ Digital Government Authority’s Circular No. (1878) dated 24/09/1443 AH, on Business
Resolutions and Continuity Management Standards.
Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (19).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

54
 Fifth Section: Information Technology
5.10. Systems that support digital transformation

The axis includes standards and requirements for the applications and institutional systems architecture that support normal and
digital transformation business.

5.10.1 Usage of Government Resource Systems

Supporting and enabling government agencies to effectively manage and allocate their resources,
Objective enhance transparency, and automate support processes and services through the use of all available
government resources systems units.

1) Implementing key systems for planning government resources and issuing user guides.
2) Issuing periodic reports from the key systems for planning government resources.
3) Providing all self-services to its employees through the electronic portal or smart device
Compliance applications, and issuing user guides.
Requirements 4) The agency provides all self-services to external beneficiaries through the electronic portal or
smart device applications, and issues user guides.
5) Cooperation and participation with internal departments to achieve integration between
government resources systems and related systems of external agencies.

1) One sample of screens and user guides for each part of the resource systems (Human Resources
Management System, Financial System, Procurement and Supply System, Custody and Inventory
Management System, Supplier Management System).
2) 3 Samples of periodic reports issued from the key systems for planning government resources.
Supporting
3) 3 Samples of self-services provided to internal beneficiaries and user guides.
documents
4) 3 Samples of self-services provided to external beneficiaries and user guides.
5) 3 Samples and explanation of complete procedures that illustrate the process of linking and
integrating the agency's resources management systems and internal systems and related
systems in external parties.

Related Orders,
Resolutions and ▪ Council of Ministers’ Resolution No. (40) dated 2/27/1427 AH, Paragraph No. (12).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

55
 5.10.2 Using Digital Project Management Systems

Objective Using Digital Project Management Systems in All Aspects of Digital Projects

1) The agency uses digital systems and tools to manage projects and digitize the processes of
requesting, planning, controlling, monitoring and following up projects, tasks and schedules.
2) Linking digital systems and tools related to projects management with systems for following
up strategic plans and initiatives, financial and procurement systems, control and accounting
Compliance systems, and human resources systems adopted in the agency.
Requirements 3) Controlling the powers of the project management team and other departments to which they
belong through the technical system used.
4) Issuing periodic reports showing the control of tasks related to projects management with
other departments in the agency. These reports indicate the completion rate of each
department.

1) 4 Samples of project management digital systems screens (project request, planning, follow-
up and reporting, deliverables) that meet the compliance requirements of this standard.
2) One sample showing all the interfaces and integrations between the project management
Supporting system and other internal systems.
documents 3) 3 Samples of the technical system showing the control of the powers of the project
management team and other departments.
4) 3 Samples of periodic reports showing the control of tasks related to projects management with
other departments in the agency. These reports indicate the completion rate of each
department.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (10).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

56
 5.10.3 Using Documents Management and e-archiving Systems

Linking and using document management and archiving systems for all transactions, and ensuring
Objective
the preservation and quick access to the documents and data.
1) Implementing the National Center for Archives and Records’ preservation and destruction
policies, and developing what is necessary to ensure their compatibility with the regulations
and procedures followed in the agency.
2) Keeping and archiving the agency's documents, contracts, decisions, letters and data
Compliance
electronically.
Requirements
3) Linking the document management and archiving system to all basic and supporting digital
systems and controlling powers.
4) Issuing periodic reports showing the percentage of departments benefiting from e-archiving
systems.
1) Providing preservation and destruction policies adopted in the agency, which are consistent
with the National Center for Archives and Records’ policies.
2) 3 Samples of documents preservation and archiving systems’ screens used in the agency.
Supporting
3) One sample showing all the interfaces and integrations between the archiving system and all
documents
key and supporting digital systems.
4) Sample of use reports showing the percentage of departments benefiting from e-archiving
systems.
▪ High Order No. (57231) dated 10/11/1439 AH, Clause (First).
Related Orders,
▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraph No. (3).
Resolutions and
▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Sub-paragraph (A), Paragraph
Circulars
No. (1) of Clause (Ninth).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

57
 5.10.4 Using digital systems to manage the relationship with beneficiaries

Developing and documenting the customer relations management (CRM) processes across
Objective different channels and following up the progress of those requests and notes to address them as
soon as possible.
1) Using CRM systems with all its components and activating call centers and technical support,
in order to ensure a rapid response to the requirements, complaints and suggestions of
beneficiaries of all segments, and raise their level of satisfaction.
Compliance 2) Linking CRM systems to infrastructure management systems, communication channels with
Requirements beneficiaries, and customer experience systems.
3) Activating digital tools and modern technologies to automate support and rapid response
operations.
4) Activating knowledge management tools to support the relationship officer's access to the
information in a smooth and fast manner.
1) 3 Samples of CRM systems screens.
2) 3 Samples of tickets opened via several different channels.
Supporting 3) Sample digital tools used to interact with the beneficiary, for example: Smart Assistant (Chat
documents bot).
4) Sample of knowledge base used to support the relationship officer's access to the information
in a smooth and fast manner.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (17).

Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

58
 5.10.5 Using E-mail

Activating the role of e-transactions and correspondence in the government agencies’ regular work
Objective
and correspondence, and ensuring their confidentiality.

1) Increasing the rates of using e-mail in daily correspondence.

Compliance 2) Including in e-mails a disclaimer regarding the contents of public or personal government e-
Requirements mails.
3) Hosting government e-mail servers within Saudi Arabia.

1) Submitting a recent report for the last 6 months from the agency's email server showing the
number of messages.
2) Submitting copy of the disclaimer statement that was included in the e-mails of the agency's
employees.
Supporting
3) Submitting copy of the hosting contracts in the event that a contract was concluded with an
documents
agency to host the e-mail. The contracts shall include the required standards and controls
according to the Guide to Controls of Using Information and Communication Technologies.
4) Submitting an official document certified by the authorized person, in the event that e-mail
servers are hosted within the agency’s data centers.

Related Orders, ▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraph No. (13).
Resolutions and ▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraphs No. (1, 3, 4, 5, 6)
Circulars of Clause (Third).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

59
 5.11. Technological Services Infrastructure

The axis includes the standards and compliance requirements of an institutional methodology that includes a set of policies,
procedures and methods for the provision of technical services to beneficiaries.

5.11.1 Developing the Management of Technical Services

Developing policies, standards, objectives and processes related to the management of technical
Objective
services and infrastructure, and ensuring the optimal use of technical resources.

1) Developing the objectives and scope of work for the technical services and infrastructure
management system in order to achieve the agency’s strategic objectives in digital
transformation process.
2) Adopting specific policies and standards for management of technical services and
infrastructure in accordance with international best practices, such as ISO20000: ITIL.
Compliance
3) Establishing an overall-quality administrative unit to measure and monitor the quality of IT
Requirements
operations and infrastructure management.
4) Developing official and technical policies to control the use of employees of the agency's
technological assets.
5) Setting controls and rules for the agency's employees when using their personal devices for
work purposes.

1) Attaching documents proving that the agency has committed to developing the objectives and
scope of work for the technical services and infrastructure management system.
2) Attaching documents proving that the agency has adopted specific policies and standards for
management of technical services and infrastructure in accordance with international best
Supporting practices.
documents 3) Attaching the organizational structure of the General Administration of Information
Technology showing the establishment of a unit concerned with overall-quality.
4) Attaching policies adopted to control the use of agency's employees of its technological assets.
5) Attaching controls and rules related to the use of personal devices of employees for work
purposes.

Related Orders, ▪ High Order No. (48310) dated 26/11/1435 AH, Paragraph No. (1).
Resolutions and ▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Clause (Fifth) and Paragraph
Circulars No. (1) of Clause (Sixth).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

60
 5.11.2 Implementing and following up the management of technological services
Following up and controlling the application of standards and policies for management of
Objective
technological services.

1) Automating all processes of managing technological services and infrastructure by taking

advantage of modern technologies and systems in this field.
2) Documenting the results of all development stages of technologies supporting the digital
government businesses, and keeping them as a reference for the continuous development and
improvement processes.
Compliance
3) Following up on the performance indicators of managing technological services and
Requirements
infrastructure, and issuing, studying and analyzing periodic performance reports.
4) Hosting the agency's websites, information and services within Saudi Arabia.
5) Setting electronic controls and restrictions that limit the uploading of large personal files or
unlicensed software by the agency's employees, except as provided for in the relevant
regulations.

1) Attaching adequate documents and samples from the systems screens that prove the agency's
commitment to automating all technological services and infrastructure management
processes, while clarifying the modern technologies and systems used.
2) Attaching documents that show the documentation of the results of all development stages of
technologies supporting the digital government's businesses.
3) Attaching periodic reports that measure, study and analyze the performance of operations of
managing technological services and infrastructure.
Supporting 4) Attaching the hosting contracts, including the clauses stipulated in the Guide to the Controls of
documents Using Information and Communication Technologies in Government Agencies issued by the
Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, or an official document from
the authorized person, including hosting all the agency's platforms, systems and databases
within the agency's data centers or through other government agencies, or through hosting
service providers licensed by the Communications, Space & Technology Commission.
5) Providing the approved mechanism or a copy of the system screens used in the agency, through
which it ensures that users comply with the approved controls regarding the use of
technological assets and computers in the agency, and prevent the use of unlicensed software.

Related Orders,
▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraph No. (3) of Clause
Resolutions and
(Second) and Paragraph No. (2) of Clause (Sixth).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

61
 5.11.3 Integration of technical services management with other systems

Achieving integration between the technological services and infrastructure management

Objective
systems, and the agency's internal systems.

1) Achieving integration between policies and processes of technological service and

infrastructure management systems, and other departmental systems such as quality,
information security, business continuity, and data.
Compliance 2) Achieving internal integration between technological systems and controlling performance
Requirements indicators and periodic reports of the integration process.
3) Working in a coherent and integrated manner with other government agencies to achieve
integration between digital government works, and in line with the beneficiaries’
requirements and needs and in line with regulations issued by the DGA.

1) Attaching the necessary documents and samples from the systems screens and periodic
reports that prove that the agency has committed to achieving integration between
technological services system and other systems of the agency.
2) Attaching the necessary documents and samples from the systems screens and periodic
Supporting documents reports that prove that the agency has committed to achieving internal integration between
technological systems, and indicate the control of performance indicators for the integration
process.
3) Attaching documents showing that the agency has achieved integration with other
government agencies regarding the digital government's works.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

62
 5.11.4 Implementing the rules for regulating free and open source government software.

Enhancing opportunities to reuse government software, while providing the opportunity to view
and publish the source code, thus opening the field for cooperation between government
Objective
agencies, unifying standards among them, increasing transparency, ending the monopoly of
suppliers, and reducing the difficulties of integrating software from more than one source.
1) Issuing the government license for free and open source government software
2) Inventory of open source software that you want to share with government agencies.
Inventory data shall include the following elements: Software asset (product/ tool),
description, programming language, use licenses “if any”, sharing possibility, and availability
of documentation related to open source software.
3) Promoting opportunities to reuse open source government software.
4) Implementing the approved mechanism for purchasing or developing government software,
according to the following steps:
a. Step One: Evaluating and studying the government software available in the repository
for use, in coordination with the DGA.
b. Step Two: If the evaluation and study report concluded that there are no software that
meets the needs, the government agency may search for ready-made software, giving
preference to free and open source software, in coordination with the DGA.
c. Step Three: If there are no software that meets the needs, the government agency then
can build its own software.
Compliance
5) Applying the following provisions and rules related to contracting for building government
Requirements
software, as follows:
a. The supplier delivers the source code and related documents to the government agency.
b. Unspecified rights to the source code and its accessories shall be secured to allow for
reuse, copying, modification and distribution between government agencies, without the
need for the original supplier, while providing an open source for public use of the source
code for all government agencies.
c. The supplier must have high-level quality certificates in the required field of work.
d. A contracting priority is to be given to national suppliers who meet the requests and
technical conditions of the government agency.
e. An emphasis is to be put on government agencies if an additional development of the
process of purchasing commercial software is made. It must be stipulated during the
contracting process that the ownership or right to use this development shall be all
transferred to the government.
Preparing the departments concerned with open source software to interact with the
information software community.

1) Submitting the government license for free and open source government software
Supporting documents 2) Submitting the free open source software inventory document, in accordance with the
compliance requirements of the standard, and the schedule for uploading this document to

Digital Transformation Basic Standards DGA-1-2-1-111

63
 the government software repository.
3) Submitting a report on the list of reused software from the government software repository,
explaining (impact, level of product utilization "pilot phase, some characteristics of the
product, entire product).
4) Providing the approved digital procurement policies and submitting evidences on the
application of the mechanism and procedure through the services available for the open
source software market platform, in accordance with the compliance requirements of this
standard.
5) Attaching sample of the contracts concluded for building government software, including the
required conditions and items, in a clear contractual form in accordance with the compliance
requirements of this standard
6) Submitting the policy, mechanism or commissioning decisions that clarify the agency's
readiness to interact with the information society through the number of contributors of the
government agency to the government software repository.

▪ Council of Ministers’ Resolution No. (14) dated 02/01/1443 AH, as stipulated in the following
paragraphs and topics, and in particular:

Related Orders, ▪ Paragraph No. (1) of Clause ()B): Purpose of the Rules).
Resolutions and ▪ Paragraph No. (2) and (5) of Clause (H: Rules Implementation Considerations).
Circulars ▪ Clause (D: Government Software Purchase Considerations).
▪ Clause (E: Provisions for contracting to build government software).
▪ Clause (F: Software Deployment Considerations.

All government agencies, except for security and military agencies, that are subject to special
Scope
provisions, as stipulated in their bylaws, regulations or internal regulations.

Digital Transformation Basic Standards DGA-1-2-1-111

64
 5.11.5 Launching Bids for Telecommunications Services on Etimad Platform

Achieving efficiency of spending and optimal use of government agencies’ budgets, and emphasizing
Objective the importance of adhering to the methods, procedures and provisions stipulated in the Government
Tenders and Procurement Law.

1) The government agency shall secure its needs of Internet services and digital circuits through the
Framework Agreement for Internet Services and Digital Circuits through the e-market of Etimad
platform.
In the event that the agency does not secure its needs through the Framework Agreement for
Compliance
Internet Services and Digital Circuits (for any reason), the agency shall then achieve the following:
Requirements
1) Offer bids for telecommunications services, whether public expenditures, programs or projects, on
Etimad platform.
2) Register its contracts related to telecommunications services, whether public expenditures,
programs or projects, on Etimad platform.

1) Attaching copy of the electronic marketplace of Etimad platform showing the reference number
and status of the purchase order. The order status shall be:
a. Order completed.
b. Waiting for supply.
c. Pending payment.
Supporting documents
In the event that the agency does not secure its needs through the electronic marketplace, it must
achieve the following:
1) Attaching screenshot of Etimad platform showing the reference number of the bid and its status.

2) Attaching screenshot of Etimad platform showing the contract reference number, contract name
and related bid number.

▪ Royal Decree No. (M/128) dated 13/11/1440 AH, approving the Government Tenders and
Related Orders, Procurement Law.

Resolutions and ▪ Circular of His Excellency the Minister of Finance No. (49989) dated 12/02/1442 AH, Clause (First).

Circulars ▪ Circular of His Excellency the Minister of Finance No. (46973) dated 05/12/1443 AH,.
▪ Circular of His Excellency the Minister of Finance No. (1748) dated 14/01/1445 AH,.

Scope All government agencies

Digital Transformation Basic Standards DGA-1-2-1-111

65
 5.11.6 Inventory of Digital Circuits
Rationalizing the efficiency of spending on digital circuits by detailing the actual and fair need for
Objective the capacities of these circuits, reducing redundant capacities, and eliminating digital circuits that
can be dispensed with.

Compliance 1) Submitting an inventory of all DGA’s telecommunications departments in the inventory form
Requirements available on "Raqmi" Platform, and continuously updating the inventory lists.

1) Attaching copy of the inventory form uploaded to the agency's website, including all digital
Supporting documents circuits within the agency. The inventory of digital circuits will be verified through the
agency's checklists.

▪ Circular of His Excellency the Minister of Finance No. (49989) dated 12/02/1442 AH, Clause
(Second).
Related Orders,
▪ Digital Government Authority’s Circular No. (916) dated 15/01/1443 AH,.
Resolutions and
▪ Council of Ministers’ Direction notified under His Excellency the President of the Royal Court
Circulars
Letter No. (8102) dated 03/02/1444 AH, regarding finding solutions for the governance of
communication services.

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

66
 5.11.7 Using Items dedicated for Digital Circuits and Telecommunication Expenses
The government agency shall use the items dedicated for digital circuits and telecommunications
expenses for the legitimate purchases only in support of the digital transformation journey. The
Objective
government agency shall also increase the control rate and ensure the use of applications and
systems that support normal business.

1) The government agency shall use the clause related to the Unified Framework Agreement No.
(339000113).
In the event that the agency does not use the clause related to the Unified Framework
Compliance Agreement for Digital Circuits Services (for any reason), the agency shall then achieve the
Requirements following:
1) Use the telecommunications services item for the designated purposes, namely: digital
circuits services with an economic classification of (221136) or the Internet services with an
economic classification of (221134).

1) Attaching screenshot of Etimad platform showing the economic classification number used,
Supporting documents the reference number of the contract /invoice, and the name of the contract/ invoice related
to Internet services or digital circuits.

▪ Royal Decree No. (M/128) dated 13/11/1440 AH, approving the Government Tenders and
Procurement Law.
Related Orders,
▪ Circular of His Excellency the Minister of Finance No. (49989) dated 12/02/1442 AH, Clause
Resolutions and
(First).
Circulars
▪ Circular of His Excellency the Minister of Finance No. (46973) dated 05/12/1443 AH,.
▪ Circular of His Excellency the Minister of Finance No. (1748) dated 14/01/1445 AH,.

Scope All government agencies linked to the general budget of the state.

Digital Transformation Basic Standards DGA-1-2-1-111

67
 5.12. Cloud Architecture

The axis includes standards and requirements for using cloud resources, applications and operations that are appropriate for the
agency's current and future businesses.

5.12.1 Establishing a Cloud Computing Unit

Establishing a cloud computing unit to lead the agency through the process of adopting and
Objective
migrating to cloud computing services, in addition to managing all related operations.

1) Establishing a cloud computing unit in the agency.

Compliance
2) Establishing an organization structure for the unit that defines roles and responsibilities and
Requirements
ensures compliance with policies and rules.

Supporting documents 1) Attach the decision to establish a cloud computing unit.

2) Organizational structure document of the unit.

Related Orders,
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Resolutions and
▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Clause (Fourth).
Circulars

All government agencies - with the exception of security and military agencies and the Saudi
Scope
Central Bank from the application scope of all Cloud Architecture" axis's standards.

5.12.2 Preparing and implementing a plan to adopt cloud computing

Promoting and consolidating the adoption of cloud services and integration of data centers by
Objective
government agencies.

1) Preparing a plan for adopting cloud computing and integrating data centers that includes
targets, measurement indicators and scope of work. This plan shall include the following:
a. List of applications classified as migrable data for cloud computing and mechanism
followed.
b. Cloud Reference architecture model for cloud computing adoption.
c. Migration plan and timeline for migration of applications, software, technological

Compliance resources and services to the cloud computing, indicating the targeted dates.

Requirements d. The percentage of adopting current and targeted cloud services for the coming years to

reach a minimum of 50% by 2025.

2) Preparing a report on the list of projects supporting the Cloud Transformation Plan for the year
2024-2025 and the status of progress in the implementation, to include the following:
a. Number of IT projects associated with cloud computing and their total budget.
b. Scope of work (overall) and status and budget of projects associated with cloud computing.
c. Status of projects (implementation timeframe), for example: on the track or late.

Digital Transformation Basic Standards DGA-1-2-1-111

68
 3) Updating the data of the "Government Needs Inventory on Cloud Services" questionnaire
through “Raqmi” Platform ( https://raqmi.dga.gov.sa/cloudsurvey).

Supporting documents
1) Attaching an updated plan for transformation towards cloud services and integration of data
centers for a period of at least two years, and this plan shall meet the compliance requirements
of the standard.
2) Attaching a report of the list of projects supporting cloud transformation plan for the year 2024-
2025, and this report shall meet the compliance requirements of the standard.
3) Updating the “Government Cloud Services Needs Inventory” questionnaire will be verified
through internal checklists.

Related Orders, ▪ Digital Government Authority’s Circular No. (102) dated 09/02/1444 AH, on preparing a plan
Resolutions and for transformation towards cloud solutions.
Circulars ▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Clause (Fourth).

All government agencies - with the exception of security and military agencies and the Saudi
Scope
Central Bank from the application scope of all Cloud Architecture" axis's standards.

5.12.3 Activation of Cloud Computing Environment

Objective Activation and Management of Cloud Computing Environment.

1) Aligning the agency's policies and regulations with the policies and regulations issued by the
Digital Government Authority and cloud computing-related entities.
Compliance 2) Using cloud tools and systems to meet business needs and applications on the cloud, ensuring
Requirements improved performance and reduced costs.
3) Preparing, studying and analyzing reports related to controlling usage, costs, performance and
risks in the cloud computing environment.

1) Attaching evidences on the agency's commitment to aligning its policies and regulations with
those related to cloud computing.
2) Attaching 3 samples of screens of cloud tools and systems used that meet the compliance
Supporting documents
requirements of this standard.
3) Attaching reports related to controlling usage, costs, performance and risks in the cloud
computing environment, showing their study and analysis.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

All government agencies - with the exception of security and military agencies and the Saudi
Scope
Central Bank from the application scope of all Cloud Architecture" axis's standards.

Digital Transformation Basic Standards DGA-1-2-1-111

69
Sixth Section: Whole-of-Government
5.13. Whole-of-government platforms

The axis includes standards and requirements for applying electronic systems and services provided by government agencies. It
targets other government agencies to provide joint government services and solutions, which can be linked to and used to
enhance the whole-of-government concept.

5.13.1 Planning for Linking to shared systems and services

Linking to systems and services provided by other government agencies and promoting the use of
Objective
government agencies of joint technological solutions and infrastructures.

1) Studying and analyzing other government systems and services and determining the agency's
needs of data and jobs periodically.
2) Preparing a plan for linking to shared systems and services, to include the following:
a. A list of shared systems and services to which they have been linked, and to which they
will be linked in the future.
Compliance b. Agency's objectives from linking to each system or service.
Requirements c. Services to be provided or availed through the linking process.
d. Data sets that can be availed through the linking process.
e. Who in charge of the linking process, whether a person, a committee or an administrative
unit.
f. Linking process schedule.
g. A mechanism to follow up on the implementation of the linking plan and performance
indicators allocated to follow up the linking process.

1) Attaching documents proving study and analysis of other government systems and services and
determination of the agency's needs of data and jobs periodically.
Supporting 2) Attaching an approved plan for linking to shared systems and services that proves the agency's
documents commitment to studying and analyzing the government systems and services that it wishes to
link to, and planning the linking process in accordance with the compliance requirements of
this standard. Attaching the decision to appoint the person responsible for each of the shared
systems and services used by the agency.

Related Orders,
▪ Digital Government Authority’s Circular No. (1339) dated 15/11/1444 AH, on Whole-of-
Resolutions and
Government Platforms Controls.
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

70
 5.13.2 Implementing Linking to shared systems and services

Ensuring the implementation of linking to, and maximizing the use of, shared government
Objective
platforms.

1) Implementing linking plans in accordance with the approved mechanisms and schedules and
issuing reports thereon.
2) Adopting the National Unified Access “NAFATH” for digital services that require a digital
identity features or functions.
3) Reusing data available from the National Unified Access “NAFATH”.
4) Adopting various e-payment portals, such as (Tahseel) and(SADAD) for digital services that
need e-collection or e-payment features or functions.
Compliance 5) Taking advantage of the services available in the Unified Electronic Government Procurement
Requirements Portal “Etimad”.
6) Linking to the electronic control system of the General Bureau for Auditing.
7) Issuing periodic reports to follow up on the linking to each service/ system, to include, at a
minimum, the following:
a. Volume of data exchanged.
b. Analysis of peak use times.
c. Number of operations carried out and rejected.
d. Uploaded support tickets cases.

1) Attach periodic reports showing the implementation of linking plans according to the approved
mechanisms and schedules.
2) Attaching adequate samples and screenshots proving the agency's linking to the National
Unified Access “NAFATH” (3 samples).
3) Attaching Reports showing the reuse of data available from the National Unified Access
“NAFATH”.
4) Attaching adequate samples and screenshots proving the agency's use of various e-payment
Supporting documents
portals, such as (Tahseel) and (SADAD) in the digital services it provides (3 samples).
5) Attaching adequate samples and screenshots proving the agency's use of the services available
in the Unified Electronic Government Procurement Portal “Etimad” (3 samples).
6) It is not required to attach proof of linkage to the Electronic Control System "Shamil", and
verification is done through the compliance lists issued by the General Bureau for Auditing.
7) Attaching sample of periodic reports related to the follow-up of the link to each service/
system, in order to meet compliance requirements of this standard.

Related Orders, ▪ High Order No. (57231) dated 10/11/1439 AH, Clauses (Third) and (Seventh).
Resolutions and ▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraph No. (2) of Clause

Digital Transformation Basic Standards DGA-1-2-1-111

71
 Circulars (Ninth).
▪ Digital Government Authority’s Circular No. (378) dated 02/06/1444 AH, on activation of
electronic payment channels and unified access.
▪ Digital Government Authority’s Circular No. (1339) dated 15/11/1444 AH, on Whole-of-
Government Platforms Controls.
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (12) and (14).

Scope All government agencies, and the Saudi Central Bank is exempt from Requirements No. 5 and 6.

5.13.3 Continuous monitoring of shared systems and services

Monitoring the linking processes to shared systems and services and reports of benefiting from
Objective
linking.

1) Studying and analyzing periodic reports and the extent to which the agency's objectives have
been achieved from the linkage processes that have taken place and benefit from shared data.
2) Continuous follow-up of new systems and services to ensure that the infrastructure and all
Compliance
services associated with the shared systems and services are built properly to ensure their
Requirements
continuous operation.
3) Making appropriate decisions based on the periodic reports related to shared systems and
services.

1) Attaching reports proving the study and analysis of the periodic reports and the extent to which
the agency's objectives have been achieved from the linkage processes that have taken place
and benefit from shared data.
Supporting
2) Attaching reports showing the continuous follow-up of new systems and services, in accordance
documents
with the compliance requirements of this standard.
3) Attaching samples of minutes of meetings and decisions taken by the agency based on the
periodic reports.

Related Orders,
▪ Digital Government Authority’s Circular No. (1339) dated 15/11/1444 AH, on Whole-of-
Resolutions and
Government Platforms Controls.
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

72
 5.13.4 Developing and operating shared systems and services (by concerned agencies)

Managing shared systems and services, including procedures that help to facilitate linking of
beneficiary government agencies, managing the requests received in this regard, maintaining their
Objective
levels of operation and maintenance to ensure continuous operation according to the users’ needs, and
ensuring the effectiveness and ease of use.

1) Publishing clear instructions on the procedures for benefiting from shared systems and services on
their digital platforms, to include - at a minimum - the following:
a. Eligibility for use, conditions and requirements for linking to and benefiting from the platform.
b. Procedures for submitting requests for linking to and benefiting from the platform.
2) Determining the mechanism for receiving requests for linking and benefiting from shares systems
and services, and taking a decision on those requests within a period not exceeding ten working
days from the date of submitting the request, while adhering to the following:
a. The mechanism for receiving linking requests should be automated.
b. Providing the necessary technical support to the beneficiary government agency through more
than one communication channel until the completion of linking and benefiting from the
platform, if the request is approved.
c. Approving the assignment of the system administrator nominated by the beneficiary
Compliance
government agency to link during the specified period.
Requirements
d. Informing the beneficiary government agency of the reasons for the rejection decision within
the specified period, if the linking request is rejected within a period to be agreed upon
between the two parties.
e. Determining the period required to respond to internal inquiries and support requests from the
beneficiary government agency's employees.
3) Inclusion of use agreement, including the consequences of misuse of information systems and
resources and electronic links of relevant laws and regulations.
4) Preparing service level agreements (SLAs) to ensure the availability of the system around the clock
and sustainability and availability of the service through more than one electronic channel to
provide the beneficiary government agencies with the service. Preparing operating procedures
documents for all operations and detailing the service level agreements for support services on the
platform.

1) Attaching copy of the instructions on the procedures for benefiting from shared systems and
services in accordance with the compliance requirements of this standard.
Supporting 2) Attaching the mechanism for receiving requests for linking to and benefiting from shared systems
documents and services that meet the compliance requirements of this standard.
3) Attaching copy of the Use Agreement.
4) Attach copies of the Service Level Agreements (SLA).

Digital Transformation Basic Standards DGA-1-2-1-111

73
 Related Orders,
▪ Digital Government Authority’s Circular No. (1339) dated 15/11/1444 AH, on Whole-of-Government
Resolutions and
Platforms Controls.
Circulars

Scope Agencies specified in Appendix 7.6.

5.13.5 Monitoring the performance of shared systems and services (by concerned agencies)
Monitoring the performance of shared systems and services and conducting periodic audit on their
Objective
compliance with the specifications and regulations issued by the DGA.

1) Identifying a department within the agency’s organizational structure to audit and follow up on the
performance of shared systems and services.

2) Developing an operating model for managing and organizing the business of shared systems and
Compliance services, which includes roles and responsibilities, governance model, and work procedures.
Requirements
3) Monitoring the usage data according to a comprehensive methodology determined by the
concerned entity, and drawing conclusions and insights from those data and benefiting therefrom.

4) Developing an audit and follow-up mechanism to evaluate the functionality and use cases of shared
systems and services and measure compliance with these standards.

1) Attaching the organizational structure and description of tasks for the department in charge of
auditing and following up on the performance of shared systems and services.

2) Attaching the operating model for managing and organizing the works of shared systems and
services in accordance with the compliance requirements of this standard.
Supporting documents

3) Attaching documents and samples of reports, minutes of meetings and decisions that prove that
the agency is following up on usage data.

4) Attaching an audit and follow-up mechanism that evaluates the functions of shared systems and
services and their use cases.

Related Orders,
Resolutions and ▪ Digital Government Authority’s Circular No. (1339) dated 15/11/1444 AH, on Whole-of-Government

Circulars Platforms Controls.

Scope Agencies specified in Appendix 7.6.

Digital Transformation Basic Standards DGA-1-2-1-111

74
 5.13.6 Managing relationship with beneficiaries (by concerned agencies)

Managing relationship with government agencies benefiting from shared systems and services to
Objective
enhance their participation in the platform development.

1) Implementing promotional campaigns to introduce shared systems and services.

2) Providing the necessary training programs and tools for the system administrator assigned by the
beneficiary government agency.
Compliance
Requirements 3) Providing technical support services to the beneficiary government agencies to provide support
with regard to the use and operation of shared systems and services.

4) Preparing an annual roadmap to develop shared systems and services and improve user
satisfaction.

1) Attaching evidences on conducting promotional campaigns to introduce the shared systems and
services.

2) Attaching training programs carried out by the owners in favor of the beneficiaries.
Supporting documents

3) Attaching evidences on the provision of technical support services to the beneficiary government
agencies to provide support with regard to the use and operation of shared systems and services.

4) Attaching copy of the roadmap for developing shared systems and services.

Related Orders,
Resolutions and ▪ Digital Government Authority’s Circular No. (1339) dated 15/11/1444 AH, on Whole-of-Government

Circulars Platforms Controls.

Scope Agencies specified in Appendix 7.6.

Digital Transformation Basic Standards DGA-1-2-1-111

75
 5.13.7 Activating digital trust services
Activating e-signature and documenting e-transactions and procedures provided to the beneficiaries
Objective
and within the agency of digital trust services.
1) Using e-signature and everything related to the authentication of data, documents, automated
documents and emails provided to beneficiaries, including, at a minimum, the following:
a. Description of e-service.
b. Type of digital trust service used (e-signature, e-stamp, digital certificates, etc.).
c. The date of activating digital trust service within the e-service.
d. Digital trust service provider (government, commercial), and the name of service provider.
e. Number of operations (e-signature, e-stamp, digital certificates, etc.) carried out.
f. A sample of an e-signed or e-stamped verifiable document issued from the electronic service.
2) Using e-signature and everything related to the authentication of data, documents, automated
documents and emails - e-procedures within the agency, which include, at a minimum, the
Compliance
following:
Requirements
a. Description of electronic procedure.
b. Type of digital trust service used (e-signature, e-stamp, digital certificates, etc.).
c. The date of activating digital trust service within the e-procedure.
d. Digital trust service provider (government, commercial), and the name of service provider.
e. Number of operations (e-signature, e-stamp, digital certificates, etc.) carried out.
f. A sample of an e-signed or e-stamped verifiable document issued from the electronic service.
3) Activating e-signature in digital services and platforms through the licensed entities to provide
digital trust services and allocating financial items for the same within their budgets and giving
them priority when discussing their annual budgets with the Ministry of Finance, all within the
limits specified in this respect and according to the rules of preparing the state general budget.
1) Providing proof of all use cases (e-service provided to beneficiaries in which one of the digital trust
services was used) in accordance with the compliance requirements of this standard.
2) Providing proof of all use cases (e-procedure within the agency in which one of the digital trust
Supporting
services was used), in accordance with the compliance requirements of this standard.
documents
3) Attaching proof of activation of e-signature in digital services and platforms through the entities
licensed to provide digital trust services, and allocating financial items for them within their
budgets, in accordance with the compliance requirements of this standard.

▪ High Order No. (41990) dated 11/10/1435 AH,.

▪ High Order No. (57231) dated 10/11/1439 AH, Clause (Fourth).
Related Orders, ▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraph No. (2) of Clause
Resolutions and (Seventh).
Circulars ▪ Electronic Transactions Law issued by Royal Decree No. (M/18) dated 08/03/1428 AH, and its
subsequent amendments and its Executive Regulations.
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (15).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

76
 5.13.8 Governance and registration of digital government platforms
Coordinating efforts in providing digital services, avoiding redundancy and duplication of content of
Objective
digital platforms, and rationalizing the efficiency of government spending.

1) Listing the agency's existing platforms and reporting them to the Digital Government Authority.
2) Obtaining the DGA’s prior approval before establishing or launching any platform.
Compliance
3) Registering the information of agency's all digital services in the service designated for this
Requirements
purpose on the "Raqmi" portal and updating it continuously.
4) Exporting e-stamp for all approved and registered platforms.

1) Attaching proof of the inventory of existing platforms.

Supporting 2) Attaching copy of the requests for approval of new digital platforms uploaded on the DGA's
documents website.
3) The auditor will verify these requests by visiting the agency's website and examine ethe
availability of the required information.

▪ High Order No. (11904) dated 05/03/1437 AH,.

Related Orders, ▪ Digital Government Authority’s Circular No. (1/ 42/5589) dated 07/11/1442 AH,.
Resolutions and ▪ Digital Government Authority’s Circular No. (955) dated 28/01/1443 AH,.
Circulars ▪ Digital Government Authority’s Circular No. (257) dated 08/04/1444 AH,.
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (16).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

77
 Consolidating and integrating agency’s platforms and closing platforms and domains that
5.13.9
are no longer needed
Developing an action plan to consolidate and integrate the agency's platforms within the sector's
action plan, in cooperation with the sector's leader, and closing platforms and domains that have
Objective
been merged or integrated within the sector's unified platform or temporary seasonal platforms that
have expired or platforms no longer needed or domains reserved and no longer used.

Compliance requirements to be met by the agencies concerned with “the plan to consolidate and
integrate the agency's platforms”, as specified in Appendix No. 7.6

1) Studying and analyzing the current status of the agency's platforms.

2) Reviewing all the agency's platforms and domains, verifying their activation and operation, and
evaluating the need for continuous operation.
3) Develop a vision plan for the future status of the agency’s digital landscape, based on the
analysis of the agency’s platforms current status within the sector.
4) Obtaining the DGA's approval on the future vision for consolidation and integration of platforms.

Compliance 5) Preparing an executive plan to consolidate and integrate the agency’s platforms within the

Requirements sector’s work plan, which shows the list of platforms to be integrated and the services to be
transferred, as well as transformation completion date.
6) Developing a mechanism to follow up on the implementation of the integration plan and
preparing periodic follow-up reports that show the progress of implementation, including the
time frame for launching products and services included in the sector platform roadmap.

Compliance requirements to be met by all government agencies

7) Closing access to platforms that have been integrated or their services transferred within the
consolidated platform and closing their domains, if any.
8) Closing inactive and unused domains, if any.
9) Closing temporary platforms which are no longer needed, if any.

Documents to be submitted by government agencies concerned with “the plan to consolidate and
integrate the agency's platforms”, as specified in Appendix No. 7.6

1) Attaching a document proving the study and analysis of the current status of the agency's
platforms.
Supporting
2) Attaching proof of reviews carried out to all agency's platforms and domains.
documents
3) Attaching the future vision of the agency's digital landscape within the relevant sector.
4) Attaching proof of obtaining the DGA’s approval on the future vision and implementation plan.
5) Attaching an executive plan to consolidate and integrate the agency’s platforms within the
sector’s work plan, which shows the list of platforms to be integrated and the services to be
transferred, as well as transformation completion date.

Digital Transformation Basic Standards DGA-1-2-1-111

78
 6) Attaching a mechanism to follow up and implement the integration plan and periodic follow-
up reports, including the time frame for launching products and services included in the sector
platform roadmap.

Documents required from all government agencies

7) Attaching a list showing the platforms and domains that have been closed, while clarifying the
reasons for closure.
8) Attaching a report showing the closure of inactive and temporary platforms (if not applicable,
an approved document of the same is attached, and the validity of the data will be verified
through the DGA's checklists).

▪ High Order No. (11904) dated 05/03/1437 AH,

Related Orders, ▪ Digital Government Authority’s Circular No. (1/ 42/5589) dated 07/11/1442 AH,
Resolutions and ▪ Digital Government Authority’s Circular No. (955) dated 28/01/1443 AH,
Circulars ▪ Digital Government Authority’s Circular No. (257) dated 08/04/1444 AH,
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (16).

Scope Agencies specified in Annex 7.6, and all government agencies as indicated in this card.

Digital Transformation Basic Standards DGA-1-2-1-111

79
 5.13.10 Developing digital websites and platforms

Implementing regulations related to domain names of government agencies, developing the

Objective content of digital government websites and platforms in line with the needs and requirements of
beneficiaries, and improving the efficiency of digital content of digital channels.

1) Registering the domain names of the agency's websites in accordance with the regulations and
rules issued by the Saudi Network Information Center at the Communications, Space &
Technology Commission.
2) Adopting the sixth version of the Internet Protocol (IPv6) and activating the Domain Name
Compliance System Secure Extension (DNSSEC) to protect domains and reduce risks and cyberattacks.
Requirements 3) Improving visibility of websites and digital platforms on search engines by applying the Guide
to Search Engine Optimization Basics for Websites and relevant regulations issued by the
Authority.
4) Improving the content of websites and digital platforms on search engines by applying the
Guide to Search Engine Optimization Basics for Websites and relevant regulations issued by the
Authority.

1) Submitting an official document certified by the authorized person that includes a list of links to
the agency's websites and electronic services, specifying the main link to the agency's website.
Supporting
2) Submitting documents proving the adoption of the sixth version of the Internet Protocol IPv6 .
documents
3) Requirements 3 and 4 do not require attaching any document or proof, and the auditor visits the
agency's website to prove and verify compliance with the requirements.

▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraph No. (1) of Clause
(Second) of the controls of using information and communication technologies in government
Related Orders,
agencies.
Resolutions and
▪ Royal Decree No. (M/106) dated 02/11/1443 AH, approving the Communications and
Circulars
Information Technology Act, its executive regulations, and registration regulations and rules
drawn up thereon.

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

80
 Seventh Section: Channels and Services
5.14. Digital services quality

The axis includes the standards and requirements for the application of frameworks and models that ensure the effective
operation, follow-up and control of all types of digital services.

5.14.1 Developing a mechanism to measure the quality of digital services

Developing comprehensive standards to measure the quality of digital services from a technical and
Objective
operational point of view.

1) Defining standards and a framework for the quality of digital services to be evaluated periodically
according to these standards.
Compliance
2) Adopting indicators that measure the selected standards, provided that these indicators are
Requirements
numerically measurable in their entirety.
3) Determining the mechanism for setting targets for operation and service levels, and the mechanism
for measuring thereof.

1) Attaching digital services quality standards and framework.

Supporting
2) Attaching performance indicators that measure the selected standards.
documents
3) Attaching the mechanism for setting targets for operating and service levels, and the mechanism for
measuring it.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (5).

Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

81
 5.14.2 Using digital systems to measure the quality of digital services

Utilizing digital systems to effectively and immediately monitor the quality of digital services and make
Objective
appropriate decisions.

1) Developing digital systems and tools that measure the quality of digital services according to its approved
indicators and standards.
2) Developing real-time monitors for selected indicators, and authorizing products/ applications managers
for real-time monitoring.
Compliance
3) Issuing periodic reports on quality of digital services.
Requirements
4) Sharing reports with governance committees associated with service management and quality, and
discussing findings periodically.
5) Taking the necessary actions and decisions to improve the services based on the reports and results
submitted to the competent committees, in accordance with the governance mechanism followed.

1) Attaching adequate samples and screenshots of the systems used to measure quality of services.
2) Attaching 5 samples of real-time monitors for the selected indicators, and clarifying the use powers.
3) Attaching 3 samples of periodic reports to follow up the quality of digital services.
Supporting
4) Attaching proofs of sharing reports with governance committees associated with service management
documents
and quality.
5) Attaching 3 samples of decisions and minutes of meetings that prove the activation of the mechanism to
monitor the services quality and take appropriate decisions.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).

Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

82
 5.14.3 Achieving integration in service quality management

Objective Linking digital services quality procedures to relevant departments and systems.

1) Linking quality plans and practices to business continuity policies in accordance with governance
framework.
Compliance 2) Linking reports and corrective actions to infrastructure management practices in accordance with

Requirements the governance framework.

Supporting documents
3) Leverage UX reports and practices.
4) Developing mechanisms for service quality measurements for linking with the relevant agencies.
1) Attaching a document showing the linkage of digital service quality policies and procedures with
business continuity policies and procedures.
2) Attaching 3 samples of corrective decisions shared between the digital services quality department
and other departments.
3) Attaching 3 samples of studies conducted on UX reports and beneficiary satisfaction.
4) Attaching proof of using digital systems that accept linking with the relevant agencies.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).

Circulars

Scope All government agencies.

5.14.4 Development of Priority Services

Objective Identifying priority digital services and raising their maturity level.

1) Identifying strategic and operational targets to increase the utilization rates of each of the digital
government services classified as a priority.
Compliance 2) Developing the service to achieve the highest possible level of maturity and integration.

Requirements 3) Providing the service on all possible channels and employing emerging technologies as much as
possible in providing the service.
4) Measuring and reporting usage rates of each prioritized service.
1) Attaching the reports that prove the strategic and operational targets to increase the utilization rates
of each of the digital government services classified as a priority.
2) Attaching the reports that show the level of maturity and integration of priority services.
Supporting documents
3) Attaching adequate samples that show the availability of all priority services on all possible
channels, and employing emerging technologies as much as possible in the provision of the service.
4) Attaching the reports that show the measurement of usage rates of priority services.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).

Circulars

Scope Agencies specified in Appendix 7.6.

Digital Transformation Basic Standards DGA-1-2-1-111

83
 5.15. Digital Channels and Services

It includes all channels through which the agency can provide services, and identifies the appropriate channels for the beneficiaries
categories and their familiarity with technology.

5.15.1 Development of non-automated government services

Automating all services and procedures provided by government agencies (non-digital services or
services provided through branches) and developing a development plan for these services in
Objective
cooperation with the sector leader, in order to reduce the interference of the human factor and
complete digital transformation in the Saudi government sector.
1) Listing, registering and updating non-automated government services on “Raqmi” Portal.
2) Designing non-automated government services procedures, taking into account the
Compliance identification of the targeted platform, based on the sector's objectives to integrate
Requirements government platforms and apply best beneficiary experience.
3) Developing an executive plan to automate non-automated government services at the agency.
4) Obtaining the DGA's approval on the design of executive plan and procedures for launch.
1) Attaching an inventory document for all non-automated government services.
2) Attaching the designs of non-automated government services procedures that agency seeks to
automate.
Supporting documents
3) Attaching the executive plan for the launch of government services, based on the approved
procedures.
4) Attaching the DGA's approval on the design of executive plan and procedures for launch.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (16).

Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

84
 5.15.2 Planning for the provision and improvement of services through digital channels

Objective Providing services through digital channels and developing the plans necessary in this regard.

1) Developing a plan to make services available to beneficiaries through appropriate digital

channels (including call center), to include the following:
a. List of services to be launched through digital channels.
b. Appropriate digital channels to launch each service (voice, mail, instant messaging, video

Compliance for deaf).

Requirements c. Schedule for launching these services.

d. Approved performance indicators to measure the performance of each of these services
through digital channels (business performance indicators benefiting to responsible
departments).
e. Automation of requests for linkage to shared digital services and systems and support
processes.
1) Attaching the plan approved to provide services to beneficiaries that meets the compliance
Supporting documents
requirements of this standard.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).

Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

85
 5.15.3 Implementing and improving the plans to make services available on digital channels

Following up on the provision of services through the appropriate digital channels, and following up
Objective
the beneficiaries interaction with these services.

1) Implementing plan to make services available through digital channels (including call center).
2) Including clear information about digital services, to include the following:
a. An overview of the service.
b. Channels available to provide the service.
c. Services provisions requirements.
d. Policies, systems and procedures associated with the service.
e. Targeted user segments.
f. Service launch date.
3) Providing digital services to all beneficiaries segments to ensure that people with special needs
can access the services.
4) Linking these services to the National Unified Portal for Government Services, so that the
Compliance beneficiary accesses to a seamless, satisfying and integrated digital experience.
Requirements 5) Linking digital services to beneficiary satisfaction measurement systems automatically, and
preparing a mechanism to make their data and statistics available; for making them available to
the relevant agencies in digital form.
6) Monitoring the services that have been launched, and issuing periodic reports on the approved
performance indicators for each service and in each of the call center channels (voice, mail, instant
messaging, video for deaf).
7) Studying and analyzing services on an ongoing basis and studying extent to which the services
can be provided through various electronic channels, and taking the necessary steps to improve
services and increasing use of electronic channels.
8) Including statistics in the agency's annual reports on the actions taken to provide and improve
services, to include the following:
a. Time taken to complete services for beneficiaries.
b. Beneficiaries' satisfaction with the digital services provided.

1) Attaching periodic reports that show the follow-up of the implementation of executive plan to
provide services to beneficiaries.
Supporting 2) Attaching a service catalogue that meets the compliance requirements of this standard.
documents 3) Attaching proofs of the provision of the service to different groups to ensure that persons with
special needs can access these services.
4) Attaching reports that prove that these services have been linked to the National Unified Portal
for Government Services.

Digital Transformation Basic Standards DGA-1-2-1-111

86
 5) Attaching reports that prove that these digital services have been linked to beneficiary
satisfaction measurement systems, and indicating the mechanism for making their data and
statistics available.
6) Attaching adequate samples of periodic reports of digital service performance indicators in
accordance with the compliance requirements of the standard.
7) Attaching adequate samples of minutes of meetings, corrective decisions and analytical studies
of services.
8) Providing copy of the agency annual report showing statistics related to:
a. Time taken to complete services for beneficiaries.
b. Beneficiaries' satisfaction with the digital services provided.

Related Orders, ▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraph No. (15).
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (4).
Circulars ▪ Royal Order No. (17850) dated 16/03/1441 AH, Clause (Second).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

87
 5.15.4 Integration and consistency of service delivery channels

Objective Achieving integration between various digital channels that provide services to beneficiaries.

1) Integration between service delivery channels to enable the beneficiary to implement his
services without interruption through the various channels used to provide the same service.
2) Consistently making the services available across multiple channels according to the suitability
Compliance
of channels for user segments and their familiarity with the technology.
Requirements
3) Providing access to the agency’s websites and portals from various devices and browsers in
accordance with the (RWD) principle.
4) Including beneficiary care centers as service delivery channels and linking them to beneficiary
relationship management systems.

1) Attaching 3 samples showing the integration between service delivery channels and provision of
the same service through more than one channel.
2) Attaching 3 samples showing the availability of services consistently across multiple channels
Supporting
and their suitability for all user segments.
documents
3) Attaching adequate samples proving the availability of access to the agency's sites and portals
from various devices and browsers.
4) Attaching adequate samples showing the process of linking and integrating between beneficiary
care centers and beneficiary relationship management systems.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

88
 Eighth Section: Beneficiary Centrality
5.16. Beneficiary participation

It ensures that the beneficiary's role is enhanced and transformed into an effective partner in the development and improvement
of digital government services by identifying his views and ideas about the experience of obtaining such services, which helps
government agencies in understanding the beneficiaries experiences.

5.16.1 Proactive disclosure of information on government websites and platforms

Objective Sharing public information and promoting transparency across all government sectors.

1) Availability of the agency's necessary information on its website, and such information shall
include the following:
a. Administrative reference for non-independent government agencies.
b. Contact numbers, e-mail, and any additional electronic means to communicate with the
beneficiaries of government services.
c. Privacy statement, property rights, and disclaimer statement that the agency does not
assume any legal responsibility for the use of data or information published on its websites.
d. Use agreement, including the consequences of misuse of information systems and resources
Compliance
and electronic portal of relevant laws and regulations.
Requirements
e. Most prominent activities and achievements in its field of work.
f. An updated copy of the information necessary for the services provided to beneficiaries.
g. Information about its social media accounts.
2) Publishing laws and regulations related to the agency's business.
3) Publishing general information about the government agency, its establishment, tasks,
objectives, regulations and policies related to its field of supervision.
4) Publishing links of the websites of any national/local government institutions/agencies related
to the agency's business.

Supporting 1) It does not require attaching any document or proof, and the auditor visits the agency's website
documents to prove and verify the availability of the required information.

▪ Council of Ministers’ Resolution No. (40) dated 127/02/1427 AH, Paragraph No. (15).
Related Orders, ▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Paragraph No. (2) of Clause
Resolutions and (Second) of the controls of using information and communication technologies in government
Circulars agencies.
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

89
 5.16.2 Availability of channels, topics and opportunities for e-participation

Availability of channels and topics for beneficiaries to share their views, feedbacks and
Objective
suggestions.

1) Listing the necessary and appropriate electronic channels for the beneficiaries, which enable
them to share their views, feedbacks and suggestions about the services provided, including

Compliance social media channels.

Requirements 2) Survey on draft regulations, laws and policies through "Istitlaa" platform, including (bidding
and tendering, implementation, results and decision).
3) Posting e-participation topics and opportunities on ("Tafaul" platform), and on the
government agency's website (as applicable).
4) Developing an approved mechanism to benefit from the beneficiaries’ views and
participation, including the development of a course of action for beneficiaries’ feedback
according to different ratings.
5) Identifying performance indicators to respond to feedbacks and notify the beneficiary of the
time required to study the feedback or suggestion.

1) Samples of channels provided by the agency for the beneficiary's participation.

2) Samples of draft regulations, laws and policies published on "Istitlaa" platform, and
screenshots proving the publication of these documents on "Istitlaa" platform.
3) 4 samples (one for each quarter) of “Tafaul” platform for topics and e-participation
opportunities.
Supporting
4) Attaching the mechanism adopted by the agency to benefit from the beneficiaries’
documents
participation (including the courses of action followed in addressing feedbacks, suggestions
and performance indicators).
5) Attaching reports showing performance indicators for responding to feedback and 3 samples
of notifications issued to beneficiaries, which include the expected time to respond to the
feedback or suggestion.

▪ Royal Court Circular No. (70701) dated 13/11/1443 AH,.

Related Orders,
▪ Digital Government Authority’s Circular No. (311) dated 16/03/1445 AH, on Risks Management
Resolutions and
Controls.
Circulars
▪ Royal Court Circular No. (22424) dated 09/04/1443 AH,.

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

90
 5.16.3 Following up on beneficiaries participation

Following up on channels dedicated to beneficiaries participation on an ongoing basis and

Objective
monitoring and responding to feedbacks.

Compliance requirements to be met by all government agencies.

1) Continuous and periodic follow-up of beneficiaries participation, and monitoring all opinions,
participations, complaints, and suggestions.
2) Giving the beneficiary a reference number for the feedback or suggestion and the results of
Compliance
study.
Requirements
Compliance requirements to be met by the government agencies benefiting from digital reporting,
as specified in Appendix No. 7.6.

3) Processing digital reports submitted by the Digital Government Authority in accordance with
the Service Level Agreement.

Documents required from all government agencies.

1) Samples proving periodic follow-up of beneficiaries participation, and clarifying monitoring

processes for opinions, participation, complaints and suggestions (dashboards or real-time
reports).
2) 4 samples (one for each quarter) of the beneficiary's notification with a reference number for
Supporting the feedback or suggestion and the beneficiary's notification of the results.
documents Compliance requirements to be met by the government agencies benefiting from digital reporting,
as specified in Appendix No. 7.6.

3) No document or proof is required to be attached, and the commitment of government

agencies to the digital reporting service is followed up directly by the Digital Government
Authority, which issues monthly reports showing the received and closed reports and
performance indicators.

Related Orders, ▪ Digital Government Authority’s Circular No. (311) dated 16/03/1445 AH, on E-Participation
Resolutions and Controls.
Circulars ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).

All government agencies and the concerned government agencies specified in Appendix No. 7.6,
Scope
as indicated in this card.

Digital Transformation Basic Standards DGA-1-2-1-111

91
 5.16.4 Benefiting from and deploying beneficiaries’ participation

Presenting the e-participation results, and benefit from beneficiaries’ participation in the decision-
Objective
making process, and launching and improving services.

1) Considering the beneficiaries’ views, and encouraging them to continue to participate in all
design stages of digital government services.
2) Issuing periodic reports received from various channels dedicated to beneficiaries’
participation.
Compliance
3) Benefiting from beneficiaries’ participation in the process of developing and improving the
Requirements
services provided and making the necessary decisions based on these views and experiences.
4) Publishing the results of consultations and e-participation on what has been presented on the
government agency's official channels, and through specialized e-participation platforms:
“Tafaul” Platform and “Istitlaa” Platform

1) Attaching 4 samples (one for each quarter) to prove that the views of the beneficiaries have
been considered.
Supporting 2) Attaching 4 samples (one for each quarter) of the periodic reports.
documents 3) Attaching 4 samples (one for each quarter) to prove that the beneficiaries’ participations have
been utilized.
4) Attaching sample of the results of the consultations and e-participation published.

Related Orders,
▪ Digital Government Authority’s Circular No. (311) dated 16/03/1445 AH, on E-Participation
Resolutions and
Controls.
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

92
 5.17. Enhancing relationship with the beneficiary

The axis applies a clear approach to the process of managing communication with the beneficiaries and marketing the agency's
services using modern means and methods to improve the procedures of supporting and enhancing the relationship with the
beneficiaries in the government agency.

5.17.1 Developing programs to enhancing relationship with the beneficiary

Developing programs related to enhancing the relationship with the beneficiaries of services and
Objective
appropriate marketing methods for digital services and products.

1) Developing an approved program to market the agency's services and enhance its relationship
with the beneficiaries of their various classifications, taking into account the quality of
channels through which services are provided. The program to enhance the relationship with
the beneficiary includes the following points:
a. List of services that the agency aims to market, taking into account priority digital services.
b. The targeted groups of the plan to strengthen the relationship and market the services.
Compliance c. Electronic channels used in marketing operations and relationship enhancement.
Requirements d. Means and events that will be carried out for marketing and enhancing relationship with
the beneficiary.
e. The schedule approved for holding these events.
f. Performance indicators through which the success of these events will be measured.
g. Periodic reports to be issued on these events.
2) Applying controls related to social media issued by the Ministry of Media and relevant
authorities.

1) Attach the approved program to enhance relationship with the beneficiary, which proves the
Supporting agency's commitment to the compliance requirements of this standard.
documents 2) Attaching sample of regulations and controls related to participation in its social media.

Related Orders, ▪ Council of Ministers’ Resolution No. (555) dated 23/09/1440 AH, Clause (Eighth)
Resolutions and ▪ Royal Court Circular No. (47746) dated 29/06/1445 AH, regarding the approval of controls of
Circulars media use of social media in government agencies.

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

93
 5.17.2 Implementing a program to enhancing relationship with the beneficiary
Implementing the approved programs to enhancing the relationship with the beneficiary through
Objective
various digital channels and appropriate means.

1) Implementing the approved marketing programs, campaigns and activities to raise the
beneficiaries’ awareness of the agency's digital services and ways to obtain the services
through various channels.
2) Monitoring and measuring the approved performance indicators that measure the objectives
Compliance of the program to strengthen the relationship with the beneficiary and the extent to which they
Requirements achieve the desired goals, and measuring the extent of progress in programs implementation.
3) Studying and analyzing the periodic reports resulting from the implementation of the program
to strengthen the relationship with the beneficiary, and benefiting from these reports in
developing marketing activities, improving service level and taking appropriate decisions in
this regard.

1) Attaching adequate reports and screenshots that prove that the agency has implemented the
approved programs to strengthen the relationship with the beneficiary, including all products
and platforms (whether for individuals or agencies).
2) Attaching the periodic reports that measure the success of programs to strengthen the
Supporting relationship with the beneficiary in achieving the objectives, and clarifying the completion
documents rates.
3) Attaching minutes and official documents proving that the agency has studied and analyzed
the periodic reports resulting from the implementation of programs to strengthen the
relationship with the beneficiary, and took decisions that contribute to the development of its
marketing programs.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (13).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

94
 5.17.3 Cooperation in the field of enhancing relationship with the beneficiary

Achieving cooperation and integration with other government agencies with regard to enhancing
Objective
relationship with the beneficiary.

1) Achieving cooperation with other government agencies in marketing shared services, and
enhancing the relationship with beneficiaries through integration of programs and activities
Compliance
related to shared services.
Requirements
2) Carrying out joint marketing campaigns with the government agencies concerned with the
services provided, and including these activities within the programs to enhancing
relationship with the beneficiary.

1) Attaching adequate documents and samples of reports, minutes of meetings and decisions
that prove that the agency has committed to achieving cooperation and integration with other
agencies in the field of marketing shared services and enhancing relationship with the
Supporting documents
beneficiary.
2) Attach adequate documents and samples of reports, minutes of meetings and decisions that
prove that the agency has conducted joint marketing campaigns with the government
agencies concerned with the services provided.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

95
 5.18. Beneficiary Experience

The axis ensures that the beneficiary interacts with the government agency during all stages of providing the service, by
adopting the principles of creative, interactive and visual design, and ease of access and use, to ensure the sustainability and
continuity of the relationship.

5.18.1 Establishing foundations of beneficiary centrality

Establishing foundations of beneficiary centrality to ensure the optimal use of digital government
Objective
services and adopting them by beneficiaries

1) Developing policies that enable the adoption of the concept of beneficiary centrality in the
provision of digital government services, such as the policy of "access to information and digital
government services", and the policy of "e-participation" and publishing these policies in the
Compliance channels through which digital government services are provided, taking into account their
Requirements comprehensiveness, clarity of formulation and method of presentation.
2) Developing a strategy for the provision of digital services that takes into account the concept
of beneficiary centrality, and developing the plans, programs and follow up mechanisms
required to implement the strategy.

Supporting 1) Attaching policies and strategies that support the adoption of the beneficiary centricity in the
documents provision of digital government services.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).

Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

96
 5.18.2 Determining the agency's vision for the beneficiary's experience

Objective Determining a clear vision for the beneficiary's digital experience.

1) The agency has a vision to measure and improve the beneficiary's experience.
2) Identifying performance indicators associated with measuring and improving the beneficiary
experience, to include the following:
a. Accessibility for the service.
Compliance b. Identical service level in all channels.
Requirements c. Caring of the content.
d. Ease of usage.
e. Importance of the service and the beneficiary's benefit period.
f. Reliability.
g. Efficiency.
1) Attaching an approved document specifying the agency's vision for the beneficiary's
Supporting
experience and specifying the approved indicators to achieve this vision, according to the
documents
compliance requirements of this standard.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).

Circulars

Scope All government agencies.

5.18.3 Studying the beneficiary's experience to improve it

Objective Studying the beneficiary's experience to improve it, and setting standard targets in this respect.

1) Conducting a preliminary study of the beneficiary's digital experience to improve it, to include:
a. Objectives of the improvement process based on the study of beneficiary experience and
Compliance satisfaction assessment.
Requirements b. List of tools used to measure the beneficiary's experience.
c. Methodologies for measuring the impact of applying beneficiary-centric practices and
developing the beneficiary experience.

Supporting 1) Attaching an approved document proving that the agency has studied the beneficiary's digital
documents experience, which meets the compliance requirements of this standard.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

97
 5.18.4 Applying digital tools for measuring and following up on the beneficiary's experience

Objective Applying digital tools for measuring and following up on the beneficiary's experience.

1) Employing the necessary digital tools and technologies to measure the beneficiary's experience
and behavior during the performance of the service, directly or indirectly, to include:
a. Tools to track the performance indicators that have been prepared.
Compliance b. Tools that allow the creation of beneficiary satisfaction reports for those services.
Requirements 2) Studying and analyzing the reports resulting from the digital tools and technologies used to
measure the beneficiary's experience, and using them to improve the services.
3) Comparisons according to performance indicators that measure the beneficiary experience, as
approved for improved services before and after improvement.

1) Attaching adequate samples of reports and tool screens used to measure beneficiary
satisfaction and follow up on performance indicators, which prove the agency's commitment
to the application of digital tools for measuring and following up on the beneficiary's
experience.
Supporting
2) Attaching proof of studying and analyzing the reports resulting from the digital tools and
documents
technologies used to measure the beneficiary's experience, and using them to improve the
services،
3) Attach reports showing comparisons of improved services before and after improvement,
according to approved performance indicators for measuring the beneficiary experience.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

98
 5.18.5 Applying the life journeys concept

Identifying all life journeys that consist of key activities represented in several digital services
Objective between more than one government agency in cooperation with the sector's leader, to achieve a
unified integrated life experience from the beneficiary's perspective.

1) Visualizing the future perception of the agency digital scene based on the beneficiary's life
Compliance journeys, according to the type of targeted group.
Requirements 2) Service journey flowchart.
3) Developing an executive plan to adopt and apply life journeys to the agency's digital scene.

1) Attaching the agency's future vision to identify the beneficiaries life journeys that meet the
Supporting compliance requirements of this standard.
documents 2) Attaching services journey flowchart.
3) Attaching an executive plan to apply life journeys to the agency's digital scene.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (16).
Circulars

Scope Agencies specified in Appendix 7.6.

Digital Transformation Basic Standards DGA-1-2-1-111

99
 Ninth Section: Government Data
5.19. Data Governance and Management

The axis includes the standards and requirements for applying a set of models, policies, systems and standards that relate to the
data collected in the government agency, and how they are dealt with, starting from their definition and the mechanism of
collecting, storing, arranging, integrating and using them in the agency.

5.19.1 Establishing a Data Governance and Management Unit

Establishing a special unit for data governance and management to develop plans, policies and rules
Objective
for data governance and management.

1) Establishing an independent data governance and management unit to fully supervise the
Compliance agency's data governance and management.
Requirements 2) Adopting an organizational framework for data governance and management that clarifies roles
and responsibilities, and monitors compliance with policies and rules.

1) Attaching documents proving that the agency has committed to establishing a data
Supporting
management and governance unit.
documents
2) Organizational framework for data management and governance unit.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

100
 5.19.2 Developing data governance and management policies
Objective Developing policies and rules that are consistent with relevant national policies.

1) Analyzing the current data situation in the agency, and identifying the most important gaps and
difficulties encountered.
2) Developing a data governance and management strategy that includes all necessary plans with
regard to the agency's data.
3) Developing and aligning the agency’s policies and regulations with the national systems and
regulations for data governance and management (including Personal Data Protection Law and
Compliance its executive regulations, policies of the National Data Management Office, policies of the
Requirements National Information Center, and policies issued by the National Cybersecurity Authority in this
regard), and committing to and applying the same.
4) Obliging employees to abide by standards related to privacy protection through declarations
and terms of use agreements.
5) Developing data monitoring reports and following up on compliance with data governance and
management policies and rules and on the implementation of decisions taken to develop and
update these policies and rules.

1) Attaching a document analyzing the current status of the agency's data.

2) Attaching adequate documents and samples that prove the agency's commitment to develop
and adopt data governance and management strategy and policies, in accordance with the
compliance requirements of this standard.
Supporting
3) Attaching copy of the circulars and regulations issued to the employees regarding compliance
documents
with privacy protection standards and dealing with beneficiary data, or a sample of the non-
disclosure agreement explaining the non-disclosure of information about beneficiaries.
4) Attaching reports on data control and follow up on compliance with data governance and
management policies and rules.

▪ Personal Data Protection Law issued by Royal Decree No. (M/19) dated 09/02/1443 AH, as
amended by Royal Decree No. (M/148) dated 05/09/1444 AH, and its executive regulations
Related Orders,
issued on 29/02/1445 AH,.
Resolutions and
▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraph No. (8).
Circulars
▪ Council of Ministers’ Decision No. (555) dated 23/09/1440 AH, Paragraph No. (5) of Clause
(Ninth).

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

101
 5.19.3 Activating Data Governance and Management

Enhancing the level of compliance with data governance and management requirements by
Objective classifying data and building its structure, and making use of modern digital systems to analyze data
and support decision-making.

1) Classification of the government agency’s data, in accordance with the relevant laws,
regulations and rules.
2) Building and modeling the government agency’s data structure.
Compliance
3) Issuing, studying and analyzing periodic reports to monitor compliance with policies and rules
Requirements
on data governance and management.
4) Making use of modern data analysis digital systems, and supporting business decision making in
other departments.

1) Attaching sample of data record showing classification levels given to various datasets.
2) Attaching sample of data structure and modeling.
Supporting 3) Attaching sample of follow-up reports that demonstrate commitment to the periodic review of
documents the data recorded in the databases.
4) Attaching (3 samples) proving that the agency has used data analysis technologies and business
intelligence in decision-making.

Related Orders,
Resolutions and ▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraphs No. (2) and (6).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

102
 5.20. Data Usage and Availability

The axis includes standards and requirements for the application of models and processes aimed at sharing and making data
available through the necessary digital infrastructure, while enabling access to open data.

5.20.1 Data Utilization Strategy

Developing a strategy that enhances the agency’s usage of data and its applications, and supports
Objective
the agency's objectives.

1) Develop the data use strategy to include the vision and objectives of data use and utilization,
and be aligned and emanate from the agency's data governance and management strategy.
Compliance 2) Preparing an executive plan that clarifies the initiatives and projects necessary to activate the
Requirements data use strategy in a way that enhances the inherent value of data.
3) Identifying performance indicators and issuing follow-up reports on the implementation, study
and analysis of the plan.

1) Attaching data use strategy.

Supporting
2) Attaching an approved and valid executive plan for data use.
documents
3) Attaching copy of the follow up report to implement, study and analyze the executive plan.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

103
 5.20.2 Enabling Data Sharing
Making data available, enabling integration between government agencies, avoiding duplication
Objective and redundancy in databases, and using effective and secure application programming interfaces
(APIs).

1) Availability of the agency's shared data on the government service bus (GSB), and providing
these data to the government agencies free of charge, if requested.
2) Including statistics in the agency's annual reports on its commitment to share data with other
government agencies, including exchange volume of the agency's shared data on the
government service bus (GSB).
3) Developing a policy to give and revoke access to the agency's data, as needed.
4) Documenting all endpoints and information related to requests and responses on “Raqmi”
Compliance platform.
Requirements 5) Monitoring the APIs performance, logging events and analyzing logs to identify errors and
improve performance.
6) Issuing periodic follow-up reports on application programming interfaces (APIs) showing, at a
minimum, the following:
a. Number of interfaces that provide real-time data.
b. Number of open APIs for various segments of beneficiaries, including private sector,
individuals, researchers, entrepreneurs and innovators).
c. Detailed list of agencies with whom data was shared.

1) The availability of the agency's shared data on the government services bus (GSB) will be verified
through the Link Lists, and the availability of shared data will be verified through the Link Lists.
2) Providing copy of the agency annual report showing statistics related to sharing data with other
government agencies.
Supporting 3) Attaching copy of the policy for granting and revoking access to the agency's data.
documents 4) Documentation of endpoints will be verified through the APIs tool on “Raqmi” platform.
5) Attaching documents and samples of systems screens and periodic reports proving that the
agency has monitored the systems performance logs.
6) Attaching copy of the periodic follow-up reports of APIs, in accordance with the compliance
requirements of this standard.

▪ Council of Ministers’ Resolution No. (40) dated 27/02/1427 AH, Paragraphs No. (4), (5) and (7).
Related Orders, ▪ High Order No. (17850) dated 16/03/1441 AH, Clauses (Second) and (Third).
Resolutions and ▪ High Order No. (7732) dated 12/02/1440 AH, Clause (Fifth).
Circulars ▪ Digital Government Authority’s Circular No. (754) dated 26/05/1445 AH, regarding inventory of
application programming interfaces

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

104
 5.20.3 Advanced Data Analysis

Achieving effective implementation and optimal application of data analysis, and using forecasting
Objective
models to derive future patterns and trends from data.

Compliance 1) Using advanced data analysis tools and technologies.

Requirements 2) Using technological tools to conduct predictive analytics and using them in decision-making.

1) Attaching adequate documents and samples of reports and tool screens used for advanced data
Supporting analysis.
documents 2) Attaching reports showing the use of predictive models and decisions made based on the
advanced data analysis.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

105
 5.21. Open Data

The axis includes the standards and requirements for the application of procedures, systems and models that maximize use of
data and support decision-making.

5.21.1 Planning for Availability of Open Data

Developing approved plans for open data in a way that contributes to supporting the works of
Objective government agencies, private sector, entrepreneurs, innovation, and publish open data, through the
National Open Data Portal and the government agency's digital platforms.
1) Developing an approved open data plan that includes a list of datasets that the agency directly
submits. This plan shall include the following:
e. Strategic objectives of open data.
f. Datasets to be published.
g. Schedules for publishing open dataset.
2) Making open data available on the open data platform (open.data.gov.sa), to enable (private
sector – research and innovation – entrepreneurs) to obtain data, and thus contributing to
national development.
3) Approving the periodic reports issued on the open datasets, which will be published; to include
the following:
Compliance a. A list of datasets that have been published through the National Open Data Portal or the
Requirements agency's digital platforms.
b. Channels through which datasets were published, such as the National Open Data Portal or
any other platforms.
c. Metadata of the published open dataset.
d. Format-related documents and instructions to beneficiaries on how to use open data.
e. Periodically updating open data packages according to the nature of the data.
f. Number of operations on the agency's data packages in the open data platform (usage
measurement).
g. Number of open data programming interfaces published by the agency.
h. Size of the operations for each API of open datasets available by the agency (usage
measurement).
1) Attaching the open data plan that meets the compliance requirements of this standard.
2) Attaching adequate samples proving the availability of open data on the open data platform.
Supporting
3) Attaching the forms of approved periodic reports to follow up the publication of open data
documents
according to the approved plan that meets the compliance requirements of this standard (3
forms).

Related Orders,
▪ High Order No. (7732) dated 12/02/1440 AH, Clause (Fifth).
Resolutions and
▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraph No. (8).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

106
 5.21.2 Reviewing open datasets

Objective Continuous reviews and updates of open datasets published, according to approved plans.
1) Developing channels and mechanisms to receive researchers' requests for open data.
2) Reviewing published datasets and updates made to them, and issuing periodic reports showing
Compliance the results of review and volume of demand for open datasets and the usage rate.
Requirements 3) Studying and analyzing user requests to update and respond to datasets.
4) Making appropriate decisions related to updating open datasets based on the results of reviewing
datasets and studying users’ requests.
1) Attaching adequate samples of screenshots showing the channels and mechanisms that have
been provided to receive researchers' requests for open data.
2) Attaching adequate samples of periodic reports showing the review results of published datasets
and the updates made to them that meet the compliance requirements of this standard (3
Supporting
samples).
documents
3) Attaching adequate samples of reports showing the study, analysis and response to user requests
(3 samples).
4) Attaching adequate samples of decisions taken based on the analysis and study of periodic
reports and user requests (3 samples).

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).

Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

107
 5.21.3 Benefiting from Publishing Open Data

Analyzing and evaluating the extent to which other agencies and individuals benefited from the open
Objective
datasets that have been published.

1) Conducting analytical studies that clarify the key factors related to the usefulness of published
open data and the value of this data to beneficiaries.
Compliance
2) Analyzing the use cases of published open datasets, and the extent to which stakeholders benefit
Requirements
from these data, indicating the relationship with the agency's open datasets.
3) Developing the API manual for the open dataset made available by the agency.
1) Attaching adequate samples of analytical studies showing key factors related to the usefulness
of open data published.
Supporting
2) Attaching adequate samples of analytical studies showing use cases for open datasets that meet
documents
the compliance requirements of this standard (3 samples.)
3) Attaching the Open Data API User Manual.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).

Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

108
 Tenth Section: Research and Innovation
5.22. Institutional Innovation

The axis includes practices and procedures that enable the agency to raise its readiness towards adopting innovation and
sustaining the innovative environment in of digital government.

5.22.1 Adopting innovation as a strategic direction

Enhancing the concept of innovation in the various strategies of government agencies, including the
Objective agency's digital transformation strategy, ensuring the agency's direction towards activating and
adopting innovation.

1) Including innovation as a pillar in the agency's digital transformation strategy, and setting goals
and indicators to activate and align the concept of innovation with the agency's strategic
objectives and identify recognition requirements.
Compliance 2) Identifying and aligning innovation initiatives and projects with the agency’s strategic priorities
Requirements and objectives.
3) Adopting mechanisms for cooperation, communication and partnership with national or
international research, development and innovation bodies, centers and laboratories to benefit
from experiences and capabilities to activate innovation in the agency and adopt innovative
solutions.

1) Attaching the part that clarifies the role of innovation and the associated objectives and indicators
Supporting in the agency’s digital transformation strategy.
documents 2) Attaching a document specifying the agency’s innovation initiatives and projects.
3) Attaching a mechanism or framework for partnership and cooperation with research,
development and innovation centers and laboratories.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

109
 5.22.2 Applying Innovation Methodologies

Adopting innovation methodologies and concepts to ensure the development and sustainability of
Objective the innovative environment and contribute to the innovation and sustainability of innovative
products, services and solutions.

1) Adopting the concepts of innovative design by conducting brainstorming sessions in addressing

challenges and generating ideas.
Compliance 2) Adopting the concept of open innovation by providing beneficiaries with the opportunity to
Requirements contribute to the design of solutions and services, and participating in open innovation events,
such as hackathons, competitions and specialized workshops.
3) Cooperating with entities, centers and companies specialized in the fields of open innovation and
innovative design.

1) Sample of a report proving the adoption of the agency of the innovative design methods and
concepts, to include the following:
a. Methodology used and methods of application.
b. Examples of outputs.
2) A report proving the adoption of the agency of the open innovation methodology, to include the
Supporting following:
documents a. Methods and means used, such as hackathons or competitions (priority is given to
hackathons that are conducted in partnership with the competent authorities and centers for
such events).
b. Number of participants in the open innovation events.
c. Attaching adequate samples showing these events have been convened.
3) A report showing cooperation with entities specialized in the fields of innovative design and open
innovation, such as hackathons.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

110
 5.22.3 Activation and governance of innovation
Developing a special framework or mechanism for governance of innovation in digital transformation
aimed at following up the implementation of innovation initiatives, ensuring the achievement of
Objective
objectives and the sustainability of solutions and products, and preserving the rights and intellectual
property of the agencies in their innovative products.

1) Forming an administrative unit, committee or specialized team to stimulate and adopt innovation
and its concepts within the agency.
2) Activating the unit/ committee and approving its procedures and processes with the relevant
Compliance departments and committees, to include the following:
Requirements a. Issuing decisions in the field of digital innovation.
b. Defining unit/committee procedures and processes.
c. Listing digital innovation initiatives and projects within the agency.
3) Organizing events and activities to spread the environment and culture of innovation in the
agency, through training and awareness and knowledge-raising workshops.

1) Attaching the structure, roles and responsibilities of the administrative unit/ committee.
2) Attaching a report proving the activation of the competent department or committee, to include
the following:
a. Sample of decisions taken by the unit/ committee.
Supporting
b. Procedures and processes adopted for this unit/ committee.
documents
c. Cards of digital innovation initiatives and projects within the agency, and implementation
follow-up reports.
3) Attaching an achievement report to the events and activities that have been implemented to
spread the environment and culture of innovation in the agency, including methods, means and
number of beneficiaries.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

111
 5.22.4 Management of Digital Innovation
Developing the mechanisms necessary to manage digital innovation, generate and collect innovative
Objective
ideas, and develop applicable use cases by the government agency.

1) Activating a clear innovation management mechanism that show the full journey from idea and
design to development and implementation.
2) Generating, inventorying and collecting applicable innovative ideas that fits with the agency’s
strategic focus areas and priorities, to include the following:
a. Identifying areas of innovation (such as innovation in digital products and services provided
Compliance
to beneficiaries, innovation in the agency's internal procedures, or innovation in business
Requirements
models).
b. Identifying innovation source (such as hackathons or research studies).
c. Identifying emerging technologies or innovative models to be used in development.
d. Identifying ideas that will be transformed into innovative products in 2024.
e. Determining the expected impact of the ideas that will be transformed into innovative
products.

1) Attaching an approved framework or mechanism for managing innovation.

2) Attach a report on the creative ideas and applicable use cases, to include the following:
Supporting a. Areas of innovation.
documents b. Sources of innovation.
c. Emerging technologies or innovative models to be used in development.
d. Ideas that will be transformed into innovative products in 2024.
e. Expected impact of the ideas that will be transformed into innovative products.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

112
 5.23. Innovative Solutions

The axis includes standards and requirements for developing and implementing innovative solutions to achieve added value,
measuring impact for sustainability of innovative solutions and following up on their continuous improvement in digital
government.

5.23.1 Developing and implementing innovative solutions

Designing innovative solutions that achieve the concept of digital transformation and implementing
Objective
them on the ground in order to achieve added value for the agency and the beneficiary.

1) Designing innovative solutions, while adhering to the following:

a. Linking innovative solutions to one of the digital transformation axes.
b. The innovative solution should not have been previously presented in previous sessions to
measure, unless there is a significant development in the solution, and the same shall be
clarified.
Compliance
c. The idea of an innovative solution should be based on innovative models and concepts (e.g.
Requirements
proactive models or innovative concepts such as Gamification or crowdsourcing).
d. Using emerging technologies in the solution.
2) Implementing and applying the innovative solution, while adhering to the following:
a. The innovative solution has been in use for at least 6 months, not at the planning, design or
piloting stage.
b. The innovative solution should not be implemented for more than 5 years.

1) Attaching a prototype for the innovative solution (Maximum two prototypes), including all data
and detailed information about the solution and the technologies and concepts used in its
Supporting
design and building, with an explanation of the developments and improvements that have
documents
been made during the current period, if it was previously submitted.
2) Attaching an achievement report to implement and apply the solution and its beneficiary
segment.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

113
 5.23.2 Measure impact of applying innovative solutions
Evaluating the results and effects achieved from the implementation of innovative solutions, and
Objective
clarifying the added value and continuous improvement of innovative solutions.

1) Developing a methodology for measuring the impact of applying the innovative solutions that
details the targeted groups, and identifies the types of expected impacts (economic, social,
financial, functional, ...), whether it is a positive or a negative impact.
2) Evaluating the impacts resulted from the application of innovative solutions, to include the
following:
Compliance
a. Impact on beneficiaries (it includes beneficiary segments, verification percentages, and
Requirements
inventory studies and methodologies).
b. Financial impact (it includes reducing costs and achieving returns, as well as exploiting and
improving resources).
c. Impact on the agency (it includes business models, performance improvement and
operational efficiency).
d. The local, regional or international awards received by the innovative solution

1) Attaching a summary of the methodology used to measure impact.

2) Attaching a report of the impact resulting from the application of the innovative solution, to
Supporting include the following:
documents a. Impact on beneficiaries.
b. Fiscal impact.
c. Impact on agency.
d. Accreditations and awards.

Related Orders,
Resolutions and ▪ Royal Court Circular No. (6262) dated 26/01/1445 AH, paragraphs No. (1) and (18).
Circulars

Scope All government agencies.

Digital Transformation Basic Standards DGA-1-2-1-111

114
6. Table of Definitions
The following terms and expressions, wherever mentioned herein, shall have the meanings ascribed
thereto, unless the context requires otherwise:

Term Definition

DGA Digital Government Authority

Promotes administrative, organizational and operational processes between the various

Digital Government government entities in their transitioning to a comprehensive digital transformation to allow easy
and effective access to government digital information and services.

Digitally and strategically transforming and developing business standards and models that would
Digital Transformation
rely on data, technologies, and ICT.

An evaluation process based on a specific methodology aimed at Government Agencies to analyze

Digital Transformation their current situation and follow up on the development of their journey of digital transformation
Measurement according to best practices and standards, thus contributing to achieving the Objectives of the Saudi
Vision 2030.

Ministries, authorities, public institutions, councils, national centers including any additional form
Government Agency
of a public entity.

A policy defines the course or principles of action to guide and determine present and future actions
Policy and it specifies what Government Agencies are required to do Policies can have related standards
that provide more information for agencies.

Standards A set of rules and controls regulating the operations and tasks related to the digital government.

Specify the conditions government agencies must comply with and what they must do to achieve
Controls
the objectives and general provisions stated in the policy associated with them.

Provides examples showing the implementation mechanism of the of policies and standards in
Guidelines
place.

Practices and controls to analyze the as-is state of Government Agency, and develop a roadmap for
transition to the to-be state to realize alignment between business sector (services and procedures),
Enterprise Architecture
information technology (data, implementations, and infrastructure) and strategic objectives of the
Government Agency.

The resources, capabilities, procedures, and actions necessary to continue providing core services
Business Continuity
and products at pre-determined levels and within an acceptable time frame in the event of

Digital Transformation Basic Standards DGA-1-2-1-111

115

Business Continuity
Plans
"Business Process
Reengineering" (BPR)
Procedures
Documentation
Business Process
Improvement (BPI)
Change Management
Government Resource
Management Systems
(GRP/ERP)
Data Architecture
Open Data
Data Set
Digital Transformation Basic Standards
disruption
A document that specifies the general framework for managing, coordinating and directing
resources, capabilities, human and technical capabilities, and procedures to respond to
interruptions and resume operations to provide necessary products and basic services, and recover
as quickly as possible for the continuity of the agency’s business.
Re-designing the processes, procedures and work provided by the institution or agency with the
aim of creating development in terms of quality, quick completion, cost and service, in line with the
institution’s vision. The procedure engineering process may require restructuring and arranging the
entire institution or part of it, including establishing or closing entire organizational units.
Processes through which the steps of procedures for the services provided are determined, and
these procedures are drawn and represented in order to study, analyze, and develop their
performance.
A structured process that an organization or agency uses to develop the procedures and services it
provides and make them more efficient and productive.
Organized processes and procedures imposed by the compliance requirements of a new system or
plan to move individuals or institutions from their current situation to a better situation. This is done
through specific and deliberate steps that take into account the nature of the institution, its ability
to develop and the surrounding circumstances. Change usually passes through three main steps:
namely: preparing for change, managing change, and sustaining change.
Integrated computer systems made up of a group of subsystems (modules) such as procurement,
human resources, financial, and other systems. These systems manage all procedures and data
related to the workflow within the institution or agency in an automated and coordinated manner
that increases efficiency and productivity, unifies resources, and increases data accuracy.
Data architecture includes for example: data classification, data exchange, a list of data used in the
entity, the definition of its sources and associated databases
Data that any individual can freely use, without technical, financial or legal restrictions, as well as
reuse and publish it, taking into account the requirements of the legal license under which this data
was published.
A set of data often corresponds to the contents of one database table or statistical data matrix,
where each column in such table represents a specific variable, and each row represents one
element in the involved data set.
DGA-1-2-1-111
116
 Information systems that aim to support the decision ¬making process within the Government
Decision Support Agency, by linking data, complex analysis models and data analysis tools. Such systems help
Systems decision-makers take the right and timely decisions in unforeseen circumstances. In addition, such
system are able to predict problems before they occur.

Government Services A unified platform used for Government shared services that are continuously updated and provides
Bus (GSB) integration between Government Entities quickly and securely.

A set of transactions linked to each other to perform a complete function provided by the
government agency to the beneficiary through digital channels such as digital portals and smart
Digital Service
device applications so that they have one main exit defined and specified. A group of services can
be linked together to form a digital product.

Involves all channels through which the Government Agency can provide services. For example, the
Service Delivery Channel Government Agency's head office, portal, telephone and automated answering machine, smart
device implementations, or service kiosks.

Any electronic service aimed at verifying the validity and integrity of electronic transactions and
Digital Trust Service
the identity of customers, including (e-signature, e-stamp, timestamp, etc.).

Systems and services provided by a Government Agency targeting other Government Agencies to
Shared Systems & provide services and solutions that support the implementation of the "Whole of Government
Services Concept" and provide Government Digital Services that are beneficiary-focused, seamless, end- to-
end, and avoid duplication.

A Whole of Government Platform is a technology-enabled, business-driven central platform to

Whole-of-Government continually manage, improve, and deliver government services across multiple digital touch points.
Platform It provides unified seamless integrated cross-channel consistency, omni-channel user insights and
active user engagement at every digital touchpoint.

A Comprehensive approach aims to unify the efforts of different units and government entities to
Whole-of-Government
achieve one purpose.

Any Government entity that owns the Government Shared Systems and Services, whether it
Owner
manages and operates it directly or through another Operating Entity

Any entity manages or operates the Government Shared Systems and Services through a
Operator
contracting relationship with the Owning Entity.

Government agencies that own shared government systems and services, whether the platform is
Responsible
developed, managed and operated by them or by others. These are the entities that work to enable
Government Agency
government agencies to benefit from their shared systems and services

Digital Transformation Basic Standards DGA-1-2-1-111

117
 Government agencies that own, operate and develop platforms, and benefit from or are eligible to
benefit from electronic systems and shared government services, based on its business needs, the
Beneficiaries Agencies
functional requirements for building and operating its platforms, and in accordance with the
regulations issued by the DGA in this regard.

Digital interaction and participation that allows the beneficiaries to provide their feedback, share
Electronic Participation their ideas and suggestions about specific topic related to society, this includes conducting voice of
customer studies, to improve government services that revolves around the beneficiary needs.

Beneficiary's interaction with the Government during all stages of service delivery, through
Beneficiary Experience adoption of creative, interactive and visual design principles, accessibility and usage, to ensure
sustainability and continuity of the relationship.

Citizens, residents, visitors, government agencies, private sector, and not-for-profit sector, inside or
Beneficiary outside Saudi Arabia that required to interact with a government entity to receive any of the
services offered in Saudi Arabia.

An innovation is the implementation of a new or significantly improved product (good or service),

Innovation or process, a new marketing method, or a new organizational method in business practices,
workplace organization or external relations.

A model which enables convenient, on-demand network access to a shared pool of configurable
Cloud Computing computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or service provider interaction

Modern technologies that support digital government works, which have achieved a qualitative
Emerging Technologies leap in digital transformation, and are still subject to development, such as artificial intelligence,
the Internet of Things, the block chain, etc.

Application A set of commands, functions, objects, and protocols developed to be used by programmers to
Programming Interfaces develop software, or to interact with other systems and/or software.

Unified Electronic Portal

for Government Government Tenders and Procurement System (Munafasat)
Procurement “Etimad”.

Digital Transformation Basic Standards DGA-1-2-1-111

118
7. Appendices
7.1 Measurement Mechanism
The 2020 Digital Transformation Measurement target to assess compliance with standards and requirements related to Digital
Transformation and identifies the level of compliance with each standard. The measurement cycle is carried out with Government
Agencies as follows:

Figure (4): measurement cycle

1) Digital Transformation Measurement (Qiyas) Launch Workshop

Digital Transformation Measurement (Qiyas) workshop shall be launched via an introductory workshop for which all
representatives of covered Government Agencies shall be invited to attend, review updates to Digital Transformation
Measurement (Qiyas) cycle, get familiar with the adopted methodology, and respond to answers and inquiries related to Digital
Transformation Measurement (Qiyas) during the workshop.

2) Making the System Available to the Government Agencies to Submit their Responses

Digital Transformation Measurement (Qiyas) System shall be made available to the liaison officer or his representative at the
Government Agencies to review compliance cards, begin responding to them and attach required certificates for question
cards. The question card shall state all details from the standard, legal reference, supporting documents and answer options,
keeping in mind the following requirements for the supporting documents.
Requirements
• Attached strategies and plans shall be valid and approved and shall include all elements and components to be met in the

relevant plan as per the best practices.

• Attached decisions and directions shall be enforceable, valid, issued and approved by the authorized person in the

Government Agency.

Digital Transformation Basic Standards DGA-1-2-1-111

119
 • Attached reports shall be issued by the concerned department and shall include all information referred to in the report

request.

• Attached studies and surveys shall clarify all adopted methodologies of data collection and analysis and shall include

results and recommendations.

• Methodologies, policies, controls, and standards shall be valid, approved and applied at the Government Agency and shall

be prepared in accordance with the best practices.

• The authorized person shall be responsible of the document content and the owner of the document. When the authorized

person signs and affixes his name on the document, the document will be considered approved.

3) First Stage of Verification

This stage shall include auditing and assessment as per the verification mechanism. The verification process shall be carried
out by a team dedicated to answers of Government Agencies, which shall review the attached certificates of each card and
insert notes, if any, below each compliance card to be reviewed by the liaison officer or his representative at the target
Government Agencies. Notes shall refer to the additional required certificates or to failure to meet the required compliance
standards.

4) Stage of Addressing Comments

Government Agencies shall be granted an additional period to address the comments that the team inserted, review comments
on each question card and re-attach the required certificates if required.

5) Final Stage of Verification

This stage shall include auditing and final assessment of answers of the Government Agencies and final notes of the participant
Government Agencies.

6) Reporting

After completion of results auditing, reports of participant Government Agencies shall be issued, after addressing comments
on the assessment. Reports shall include compliance levels and ratios and detailed content about comparisons of total results
of the Government Agency to the ones of the other agencies. Reports shall be made available on the system, and the senior
official at the Government Agency shall be advised of the result, and then, results of Government Agencies shall be presented
to His Royal Highness.

Digital Transformation Basic Standards DGA-1-2-1-111

120
 7.2. Mechanism of Compliance Verification
Qiyas Team shall review documents and attachments via Digital Transformation Measurement (Qiyas) System and determine the
proper methods of verification, if required. Verification methods are limited to the following:
• Documents attached by the Government Agency via Digital Transformation Measurement (Qiyas) System.

• Field Visits to the Government Agencies (if necessary).

• Detailed reports received from the competent agencies.

• Virtual meetings.

Levels of compliance with the Standard are determined via one of the following compliance levels:

Figure (5): Compliance Levels

Digital Transformation Basic Standards DGA-1-2-1-111

121
 7.3 Mechanism for Inquiry or Information Request
• Notes related to System and inquiries about the methodology:

In case of request or inquiry by one of the Government Agencies, such requests shall be handled as per the following procedures
and mechanism:

The request or report shall be raised via relevant channels:

• Qiyas System / Messaging System

• Amer Center – Unified number (199099)

Such requests and inquiries shall be processed within (3) working days.

Notes to the assessment of compliance with standards:

The Government Agency may reserve the right to object to assessment of compliance with standards during the stage of addressing
comments as per the Digital Transformation Measurement (Qiyas) timeline via one of the above official channels, which shall
include the following:
• The reference number of standard or control

• Objection provision

• Reference to evidence achieving the standard. Each evidence shall be covered by the attachments uploaded on the system.

Digital Transformation Basic Standards DGA-1-2-1-111

122
 • Log in to System

Log in the Digital Transformation Measurement (Qiyas) via QR Code or via the following link:

Digital Transformation Basic Standards DGA-1-2-1-111

123
 7.4 High Orders, Council of Ministers Resolutions and Relevant Circulars

The figure below shows the list of High Orders, Council of Ministers Resolutions, and Circulars related to digital

transformation in the basic standards document for digital transformation after being updated.

# High Orders and Council of Ministers’ Resolutions

Royal Order No. (8189/MB) Council of Ministers’ Resolutions Electronic Transactions Law issued Council of Ministers’ Resolution

dated 19/06/1426 AH, No. (40) dated 27/02/1427 AH, by Royal Decree No. (M/18) dated No. (240) dated 23/07/1428 AH,

Forming Committees for approving the controls for the 08/03/1428 AH, as amended by Organizing

Electronic Transactions application of e-government Council of Ministers’ Resolution Information Technology works

transactions, as amended by No. (293) dated 09/04/1445 AH, at Government Agencies.

Council of Ministers’ Resolution and its executive regulations

No. (252) dated 16/07/1431 AH,.

Council of Ministers’ High Order No. (41990) dated High Order No. (48310) dated High Order No. (11904) dated

Resolution No. (82) dated 11/10/1435 AH, on the use of 26/11/1435 AH, on Total Quality 05/03/1437 AH, regarding

22/03/1431 AH, digital certificates and Management posting on the Saudi National

Regarding the compliance with required Portal

recommendations of the security specifications

Information Technology and

National Security Conference

1
High Order No. (57231) dated High Order No. (7732) dated Council of Ministers’ Resolution Royal Decree No. (M/128) dated

10/11/1439AH, on the 12/02/1440AH, on Shared No. (555) dated 23/09/1440 AH, 13/11/1440 AH, approving the

Electronic Control System Platforms, Business Continuity regarding the controls of using Government Tenders and

(SHAMIL) and Data Sharing information and communication Procurement Law

technologies in government

agencies

High Order No. (17850) dated Council of Ministers’ Resolution Council of Ministers’ Resolution Royal Decree No. (M/106) dated

16/03/1441 AH, on the No. (418) dated 25/07/1442 AH, No. (14) dated 02/01/1443 AH, on 02/11/1443 AH, approving the

inventory and documentation approving the Digital Free and Open Source Government Communications and

of everything related to Government Authority's Software Information Technology Act, its

quality of services and Regulations. executive regulations, and

satisfaction of beneficiaries registration regulations and

and exchange of data with rules drawn up thereon

government agencies

Digital Transformation Basic Standards DGA-1-2-1-111

124
Royal Court's Circular No. Royal Court's Circular No. (70701) Council of Ministers’ Direction Royal Court's Circular No. (6262)

(22424) dated 09/04/1443 dated 13/11/1443 AH, which notified under His Excellency the dated 26/01/1445AH, regarding

AH, on seeking the views of includes the application of the President of the Royal Court Letter transaction related to the

public and government concept of e-participation and No. (8102) dated 03/02/1444 AH, eighth and ninth annual reports

agencies on the unified polling public’s opinions in regarding finding solutions for the to measure government digital

electronic platform when decision-making. governance of communication transformation

preparing a proposal related services.

to economic and

developmental affairs for

draft rules, regulations,

decisions etc. of a regulatory

nature.

Royal Court Circular No. Personal Data Protection Law

47746 dated 29/06/1445 AH, issued by Royal Decree No.

regarding the approval of (M/19) dated 09/02/1443 AH, as

controls of media use of social amended by Royal Decree No.

media in government (M/148) dated 05/09/1444 AH,

agencies. and its executive regulations

issued on 29/02/1445 AH,

Digital Transformation Basic Standards DGA-1-2-1-111

125
 # Circulars

Minister of Finance Circular Digital Government

Digital Government
No. (49989) dated Authority’s Circular No. Digital Government
Authority’s Circular No.
12/02/1442 AH, on (5589/42/1) dated (955) dated 28/01/1443 AH, Authority's Circular No. (916)

Governance of all items 07/11/1442 AH, based on its based on its Regulations dated 15/01/1443 AH,

related to Communication Regulations issued by issued by Council of regarding the automation of

Services Council of Ministers’ Ministers’ Resolution No. digital circuits and other
(418) dated 25/07/1442 AH,
Resolution No. (418) dated telecommunications services

25/07/1442 AH,

Digital Government

Authority’s Circular No.

Digital Government Minister of Finance Circular
(1533) dated 23/05/1443 Digital Government
Authority’s Circular No. No. (46973) dated
AH, on reporting the Authority’s Circular No. (2044)
(1878) dated 24/09/1443 05/12/1443 AH, on
interruption of digital dated 28/12/1443 AH, on Risks
AH, on Business Continuity Governance of Digital
government services Management Controls
Management Standards Circuits Services
2 issued to all government

agencies

Digital Government Digital Government

Digital Government Digital Government
Authority’s Circular No. Authority’s Circular No.
Authority’s Circular No. (257) Authority’s Circular No. (1339)
(102) dated 09/02/1444 (378) dated 02/06/1444
dated 08/04/1444 AH, dated 15/11/1444 AH, on
AH, on preparing a plan for AH, on activation of
regarding digital textile Whole-of-Government
transformation towards electronic payment
product. Platforms Controls
cloud solutions channels and unified access

Minister of Finance Circular

Digital Government
No. (1748) dated
Digital Government Authority’s Circular No.
14/01/1445 AH, regarding
Authority’s Circular No. (311) (754) dated 26/05/1445 AH,
the draft framework
dated 16/03/1445 AH, on regarding inventory of
agreement for digital
Risks Management Controls application programming
services.
interfaces

You can access document details (except for Circulars) by visiting National Center for Archives and Records website on the following link: (www.ncar.gov.sa)

Digital Transformation Basic Standards DGA-1-2-1-111

126
The table below shows the link between the standards derived from the Higher Orders, and Council of Ministers’ Resolutions and
the circulars (Section IV of the basic standards document for digital transformation issued in 2023) and the axes of digital
transformation, at the level of the axis, standard and the requirement number in each standard.
High Orders, Council of Relation in Qiyas 2024
Standard
Ministers’ Resolutions and Standard Requirement
In Qiyas 2023 Axis Axis Number
Circulars Number Number

Unifying the departments

supervising information
technology into one
Council of Ministers’ department, to be responsible
Resolution No. (240) dated for the management of
4.1.1 5.2.1 4
23/07/1428 AH, Clauses information technology and all
(First) and (Third). related departments, tasks and
processes, and linked to the
chief office or representative/ Digital Transformation
5.2
deputy Governance

Assigning the position of

General Manager to the person
Council of Ministers’ responsible for the Information
Resolution No. (240) dated Technology Unit/ Department
4.1.2 5.2.1 4
23/07/1428 AH, Clause and appointing the qualified
(Second). person of the agency's
employees at the head of this
unit.

Establishing an overall-quality
administrative unit in the
High Order No. (48310) dated
telecommunications and Technological
26/11/1435 AH, Paragraph No. 4.1.3 5.11 5.11.1 3
information technology centers Services Infrastructure
(1).
and computer departments of
the government agency.

Council of Ministers’
Resolution No. (40) dated
27/02/1427 AH, Paragraph
No. (17) of Electronic Formation of e-Government Digital Transformation
4.2.1 5.2 5.2.1 5
Government Transactions Transactions Committee Governance
Regulations.

High Order No. (8189/MB)

dated 19/06/1426 AH,.

Digital Transformation Basic Standards DGA-1-2-1-111

127
 Developing and implementing a
Council of Ministers’
detailed plan for
Resolution No. (40) dated
transformation to e-
27/02/1427 AH, Paragraph Digital transformation
4.2.2 government transactions 5.1 5.1.1 1
No. (16) of Electronic planning
(digital transformation), in
Government Transactions
coordination with the Digital
Regulations.
Government Authority

Taking advantage of the

High Order No. (57231) dated
services available in the Unified
10/11/1439 AH, Clause 4.3.1 5
Electronic Government
(Seventh).
Procurement Portal “Etimad”.

Linking to the electronic control

High Order No. (57231) dated
4.3.2 system of the General Bureau 6
10/11/1439 AH, Clause (Third).
for Auditing “Shamil”.

Digital Government
Authority’s Circular No. (378)
Whole-of-government
dated 02/06/1444 AH, on Linking to the Unified National 5.13 5.13.2
4.3.3 platforms 3
activation of electronic Access Platform "NAFAD"
payment channels and unified
access.

Digital Government
Authority’s Circular No. (378)
dated 02/06/1444 AH, on Link to Direct Online Payment
4.3.4 4
activation of electronic Service “Tahseel”
payment channels and unified
access.

Council of Ministers’
Resolution No. (555) dated
23/09/1440 AH, Paragraph
No. (1) of Clause (Second) of
the controls of using
Registering the domain names
information and
of the agency's websites in
communication technologies
accordance with the regulations
in government agencies. 4.4.1 Whole-of-government
and rules issued by the Saudi 5.13 5.13.10 1
Telecommunications Law platforms
Network Information Center at
issued by the Council of
the Communications, Space &
Ministers’ Resolution No.
Technology Commission
(592) dated 01/11/1443 AH,
and its executive regulations,
and the regulations and rules
for registration derived
therefrom.

Council of Ministers’
Availability of the necessary
Resolution No. (555) dated Beneficiary
4.4.2 information on the government 5.16 5.16.1 1
23/09/1440 AH, Paragraph participation
agency’s website.
No. (2) of Clause (Second) of

Digital Transformation Basic Standards DGA-1-2-1-111

128
the controls of using
information and
communication technologies
in government agencies.

Council of Ministers’
Resolution No. (555) dated
23/09/1440 AH, Paragraph
Hosting the agency's websites,
No. (3) of Clause (Second) of Technological
4.4.3 information and services within 5.11 5.11.2 4
the controls of using Services Infrastructure
Saudi Arabia
information and
communication technologies
in government agencies.

Digital Government
Authority’s Circular No. (1533)
dated 23/05/1443 AH, on
Reporting interruption of
reporting the interruption of 4.4.4 Business Continuity 5.9 5.9.5 7
digital government services
digital government services
issued to all government
agencies.

High Order No. (41990) dated

11/10/1435 AH,.

High Order No. (57231) dated

10/11/1439 AH, Clause
(Fourth). Using e-signature and

Council of Ministers’ everything related to the

Resolution No. (555) dated authentication of data, Whole-of-government

4.5.1 5.13 5.13.7 1
23/09/1427 AH, Paragraph documents, automated platforms

No. (2) of Clause (Seventh). documents and emails provided

Electronic Transactions Law to beneficiaries.

issued by the Council of

Ministers’ Resolution No. (80)
dated 07/03/1428 AH, and its
Executive Regulations.

High Order No. (41990) dated

11/10/1435 AH,. Using e-signature and
High Order No. (57231) dated everything related to the
10/11/1439 AH, Clause authentication of data,
Whole-of-government
(Fourth). 4.5.2 documents, automated 5.13 5.13.7 2
platforms
Council of Ministers’ documents, emails and

Resolution No. (555) dated electronic procedures within

23/09/1427 AH, Paragraph the agency.

No. (2) of Clause (Seventh).

Digital Transformation Basic Standards DGA-1-2-1-111

129
Electronic Transactions Law
issued by the Council of
Ministers’ Resolution No. (80)
dated 07/03/1428 AH, and its
Executive Regulations.

Council of Ministers’
Resolution No. (40) dated
27/02/1427 AH, Paragraph
Using e-mail and electronic
No. (13).
means of communication in the
Council of Ministers’ 4.6.1 1
government agency's
Resolution No. (555) dated
businesses.
23/09/1440 AH, Paragraphs
No. (1) and (3) of Clause
(Third).

Council of Ministers’
Including in e-mails a disclaimer Systems that support
Resolution No. (555) dated 5.10 5.10.5
4.6.2 regarding the contents of public digital transformation 2
23/09/1427 AH, Paragraph
or private government e-mails
No. (4) of Clause (Third).

Council of Ministers’
Resolution No. (555) dated Hosting government email
4.6.3 4
23/09/1427 AH, Paragraph servers within Saudi Arabia
No. (5) of Clause (Third).

Council of Ministers’
Writing down the user's
Resolution No. (555) dated
4.6.4 government email address on 3
23/09/1427 AH, Paragraph
the business card only
No. (6) of Clause (Third).

Council of Ministers’ Developing official and

Resolution No. (555) dated technical policies to control the
4.7.1 4
23/09/1440 AH, Clause use of technological assets by
(Fifth). the agency's employees
5.11.1
Council of Ministers’ Setting controls and rules for
Resolution No. (555) dated the agency's employees when
4.7.2 5
23/09/1427 AH, Paragraph using their personal devices for
Technological
No. (1) of Clause (Sixth). work purposes 5.11
Services Infrastructure
Setting electronic controls and
restrictions that limit the
Council of Ministers’
uploading of large personal
Resolution No. (555) dated
4.7.3 files or unlicensed software by 5.11.2 5
23/09/1427 AH, Paragraph
the agency's employees, except
No. (2) of Clause (Sixth).
as provided for in the relevant
regulations

Continuously raising awareness

Council of Ministers’
of the agency’s employees on
Resolution No. (555) dated Digital Culture and
4.7.4 the need to abide by laws and 5.4 5.4.2
23/09/1427 AH, Paragraph Environment 2
regulations related to controls
No. (4) of Clause (Ninth).
of using information and

Digital Transformation Basic Standards DGA-1-2-1-111

130
 communication technologies

Council of Ministers’
Resolution No. (14) dated The government agency
02/01/1443 AH, Paragraph obtains the government license
4.8.1 1
No. (5) of Clause (H: Rules for free and open source
Implementation software
Considerations).

Council of Ministers’
Resolution No. (14) dated Promoting opportunities to
02/01/1443 AH, Paragraph 4.8.2 reuse government software
No. (1) of Clause (B: Purpose of available for use
the Rules).
3
Council of Ministers’
The government agency applies
Resolution No. (14) dated
the approved mechanism for
02/01/1443 AH, Clause (D: 4.8.3
purchasing government
Government Software
software
Purchase Considerations). Technological
5.11 5.11.4
Council of Ministers’ Services Infrastructure
Government agency applies the
Resolution No. (14) dated
provisions and rules related to
02/01/1443 AH, Clause (E: 4.8.4 4
contracting to build
Provisions for contracting to
government software
build government software).

Council of Ministers’
Resolution No. (14) dated Listing the government
02/01/1443 AH, Paragraph agency's open source software
4.8.5 2
No. (2) of Clause (H: Rules that it wishes to share with the
Implementation government agencies
Considerations).

Council of Ministers’ The agency prepares its

Resolution No. (14) dated departments concerned with
02/01/1443 AH, Clause (F: 4.8.6 open source software to 5
Software Deployment interact with the information
Considerations). software community

Council of Ministers’
Resolution No. (40) dated
Keeping and archiving the
27/02/1427 AH, Paragraph
agency's documents, contracts,
No. (3).
decisions, letters and data
Council of Ministers’
electronically, and linking them Systems that support
Resolution No. (555) dated 4.9.1 5.10 5.10.3 2&3
to its financial and digital transformation
23/09/1440 AH, Sub-
administrative systems in an
paragraph (A), Paragraph No.
automated system for ease of
(1) of Clause (Fifth).
access to them.
High Order No. (57231) dated
10/11/1439 AH, Clause (First).

Council of Ministers’ Decision Classifying the agency's Data Governance and

4.9.2 5.19 5.19.3 1
No. (40) dated 27/02/1427 information and data according Management

Digital Transformation Basic Standards DGA-1-2-1-111

131
AH, Paragraph No. (2). to the indicative levels and
specifications

Developing a specific
Council of Ministers’
mechanism to update the
Resolution No. (40) dated
4.9.3 information and data recorded 5.19.2 4
27/02/1427 AH, Paragraph
in the agency's databases to
No. (6).
ensure its accuracy

Council of Ministers’ Availability of the agency's data

Resolution No. (40) dated on the Government Services
27/02/1427 AH, Controls No. Bus (GSB) and providing this
(4), (5) and (7). data to government agencies Data Usage and
4.9.4 5.20 5.20.2 1
free of charge if requested to Availability
High Order No. (7732) dated
avoid duplication and
12/02/1440 AH, Clause
redundancy in databases and
(Fifth).
data.

Digital Channels and

The agency includes in its 5.15 5.15.3 8
Services
annual reports statistics on its
commitment to share data with
High Order No. (17850) dated
other government agencies, the
16/03/1441 AH, Clause 4.9.5
time taken to complete its Data Usage and
(Second). 5.20 5.20.2 2
services and the satisfaction of Availability
beneficiaries with the services
that the agency provides.

Council of Ministers’ Decision

Obliging the agency's
No. (40) dated 27/02/1427
employees to abide by the
AH, Paragraph No. (8).
standards related to privacy Data Governance and
Council of Ministers’ 4.9.6 5.19 5.19.2 4
protection, and taking the Management
Resolution No. (555) dated
necessary action to ensure this
23/09/1427 AH, Paragraph
right
No. (5) of Clause (Ninth).

Providing adequate
information on the services the
agency provides and their
Council of Ministers’ places, the services procedures,
Resolution No. (40) dated and the agency's systems and Digital Channels and
4.10.1 5.15 5.15.3 2
27/02/1427 AH, Paragraph executive regulations and Services
No. (15). public versions through its
website or through other
appropriate electronic access
channels

High Order No. (11904) dated Agencies survey their existing Whole-of-government
4.10.2 5.13 5.13.8 1
05/03/1437 AH,. platforms with the Digital platforms

Digital Transformation Basic Standards DGA-1-2-1-111

132
Digital Government Government Authority
Authority’s Circular No. (955)
dated 28/01/1443 AH, based
on its Regulations issued by
the Council of Ministers’
Resolution No. (418) dated
25/07/1442 AH,.

Digital Government
Authority’s Circular No.
Obtaining the DGA’s prior
(5589/42/1) dated
approval before establishing or
07/11/1442 AH, based on its
4.10.3 launching any platform 2
Regulations issued by the
Council of Ministers’
Resolution No. (418) dated
25/07/1442 AH,.

Council of Ministers’ Surveying and documenting all

Resolution No. (40) dated the agency’s processes and
4.10.4 5.7.2 1
27/02/1427 AH, Paragraph procedures clearly and
No. (10) accurately
Work procedures 5.7
Council of Ministers’
Continuously redesigning and
Resolution No. (40) dated
4.10.5 improving processes and 5.7.3 1
27/02/1427 AH, Paragraph
procedures
No. (11)

Council of Ministers’
Implementing and using
Resolution No. (40) dated Systems that support
4.10.6 government GRP systems 5.10 5.10.1 1
27/02/1427 AH, Paragraph digital transformation
effectively
No. (12)

Finding alternative backup

Council of Ministers’ centers for storing data, and
Resolution No. (82) dated centers for sensitive systems for
4.11.1 Business Continuity 5.9 5.9.5 3
22/03/1431 AH, storing, operating and testing
Recommendation (14) data in accordance with the
international standards

Digital Government
Authority’s Circular No. (102)
Developing a plan to adopt
dated 09/02/1444 AH, on
4.12.1 cloud computing services and Cloud Architecture 5.12 5.12.2 1
preparing a plan for
integrate data centers
transformation towards cloud
solutions.

Digital Government
Authority’s Circular No. (1878)
Building and managing a 5.9.1 to
dated 24/09/1443 AH, on 4.13.1 Business Continuity 5.9 All requirements
business continuity system 5.9.7
Business Continuity
Management Standards.

Digital Government Building and managing risks 5.8.1 to

4.13.2 Risks Management 5.8 All requirements
Authority’s Circular No. management system 5.8.5

Digital Transformation Basic Standards DGA-1-2-1-111

133
(2044) dated 28/12/1443 AH,
on Risks Management
Controls.

The agency periodically

Council of Ministers’ measures the progress in
Resolution No. (40) dated transformation to electronic Digital transformation
4.14.1 5.1 5.1.3 3
27/02/1427 AH, Paragraph transactions, and the results of planning
No. (22). this process are included in the
agency's annual report

Council of Ministers’ Applying controls related to

Enhancing
Resolution No. (555) dated social media issued by the
4.14.2 relationship with the 5.17 5.17.1 2
23/09/1440 AH, Paragraph Ministry of Information and
beneficiary
No. Item of Item (Eighth). relevant authorities

Council of Ministers’ Training authorized personnel

Resolution No. (555) dated to use and utilize information Digital Culture and
4.14.3 5.4 5.4.3 3
23/09/1440 AH, Paragraph systems and resources, as Environment
No. (1) of Item (Ninth). needed

Recruiting, training and

Council of Ministers’
developing capabilities of Developing digital
Resolution No. (555) dated
4.14.4 national competencies and transformation 5.5 5.5.4 1
23/09/1440 AH, Paragraph
cadres in the field of leaders
No. (3) of Item (Ninth).
information technologies

Royal Decree No. (M/128)

dated 13/11/1440 AH,
approving the Government
Tenders and Procurement Completing purchase orders
Law. related to telecommunications
Circular of His Excellency the services items, whether
Technological
Minister of Finance No. 4.14.5 overheads, programs or 5.11 5.11.5 1&2
Services Infrastructure
(49989) dated 12/02/1442 projects with an economic
AH, Clause (First). rating of (221136) on Etimad

Circular of His Excellency the platform

Minister of Finance No.

(46973) dated 105/12/1443
AH,.

Circular of His Excellency the

Minister of Finance No.
(49989) dated 12/02/1442
AH, Clause (Second).
Submitting a survey that
Digital Government
includes all relevant digital Technological
Authority’s Circular No. (916) 4.14.6 5.11 5.11.6 1
departments to the Digital Services Infrastructure
dated 15/01/1443 AH,.
Government Authority
Council of Ministers’
Direction notified under His
Excellency the President of
the Royal Court Letter No.

Digital Transformation Basic Standards DGA-1-2-1-111

134
(8102) dated 03/02/1444 AH,
regarding finding solutions
for the governance of
communication services.

Royal Decree No. (M/128)

dated 13/11/1440 AH, Using telecommunications
approving the Government service items of an economic
Tenders and Procurement rate (221136) for the
Technological
Law. 4.14.7 procurement operations 5.11 5.11.7 1
Services Infrastructure
Circular of His Excellency the specified for the item in the

Minister of Finance No. instructions for implementing

(49989) dated 12/02/1442 the general budget of the State

AH, Clause (Third).

7.5 Frequently Asked Questions (FAQ)

# Question Answer
What is Digital Transformation? Digitally and strategically transforming and developing business standards and models that would
1
rely on data and technologies.

What is Compliance? Full compliance with the implementation of standards through detailed compliance requirements
2
that fall under each standard.

What is meant by the measurement Measurement of compliance with standards and requirements related to digital transformation,

3 of compliance using digital and determination of compliance levels for each standard.
transformation standards?

What are regulatory references for
the measurement of compliance?
4
Referring to the Council of Ministers Resolution No. (418), dated 25/07/1442 AH, approving DGA’s
Bylaw, which stipulates in Article (4/5 and 6) that DGA undertakes the following functions and
duties: Issuing measurements, indicators, tools, and reports to measure the performance of
Government Agencies and their capabilities in the field of digital government, and the beneficiary’s
satisfaction therewith; Following-up on the compliance of Government Agencies with the decisions
and orders issued on digital government transactions, according to frameworks and standards
developed by DGA, together with E-Government Transaction Implementation Rules issued by virtue
of the Council of Ministers Resolution No. (40), dated 27/02/1427 AH, as amended by the Council of
Ministers Resolution No. (252), dated 16/07/1431 AH, where Article (22) stipulates that: “Each
Government Agency shall measure the extent of transformation to e-government transactions every
six (6) months according to indicators developed by the Program. Such indicators shall be included
in the annual report of the Government Agency, and copies thereof shall be sent to the Program”.

How the measurement of current
digital transformation aligns with
5
objectives of the Saudi Vision 2030?
Vision 2030 aims to transform the Government of Saudi Arabia into a high-performance government
that features effectiveness, transparency, and accountability. From this perspective, the digital
transformation process is one of Vision 2030 key commitments, as the Vision emphasized the need
to continue expanding the scope of digital services provided to include other services such as

Digital Transformation Basic Standards DGA-1-2-1-111

135

Who is responsible for compliance
6 measurement?
Which Government Agencies
7
undergo measurement?
Is there compatibility between the
measurement of digital
transformation in its latest version
and global reference models?
8
What is meant by an approved
document for the attachment?
9 type of document. For example, the document of the strategic plan for digital transformation must
What are the requirements to be met
10
in the attached strategies and plans?
What are the requirements to be met
11
in decisions and directives?
What are the requirements to be met
12
in attached reports?
What are the requirements to be met
13
in attached studies and surveys?
What are the requirements to be met
14 in the attached methodologies,
policies, controls and standards?
What is meant by samples requested
as part of supporting documents?
15
Digital Transformation Basic Standards
geographic information systems, health and educational services, and others, in addition to the use
of e- implementations in Government Agencies, such as cloud implementations and data sharing
platforms. Accordingly, the measurement framework has been developed to align with such trends
while taking advantage of global trends in the field of digital transformation.
DGA, by monitoring compliance levels periodically based on a specific methodology. DGA submits
periodic reports to officials in Government Agencies and a general report to HRH, as stipulated in E-
Government Transaction Implementation Rules.
All Government Agencies qualified for measurement, according to the approved Criteria for
Nomination of Agencies.
Digital transformation-related standards were developed based on a comprehensive study of a set
of international reference models in the process of digital transformation, which included a number
of key international indicators and frameworks. During such a study, comparisons were made for
pillars and stages that this process goes through, in addition to pillars used in compliance
measurement. Based on the outcomes of such study, a perception of pillars through which digital
transformation and compliance with modern standards can be measured in the context of Saudi
Arabia was concluded. Therefore, the updated framework of DTS is fully compatible with global
reference models.
The approved document means that it has been approved by an authorized person or a higher
committee within the Government Agency that has the power required for approval according to the
be approved by the head of the Government Agency, to be attached with evidence of its approval
i.e., signatures and seals or official letters.
The attached strategies and plans shall be valid and approved, and shall include all elements and
components to be available as per best practices.
Attached decisions and directives shall be effective, valid, issued and approved by the authorized
person in the Government Agency
The attached reports must be issued by the concerned department and include all information
referred to in the report request.
Attached studies and surveys shall explain methodologies used in data collection and analysis
processes, and to include results and recommendations concluded therefrom.
Methodologies, policies, controls, and standards shall be valid, approved, and applied in the
Government Agency, as well as developed in accordance with best practices.
Samples vary according to the requirements of the standard and the required supporting
documents, which could be, including but not limited to:
• Sample templates and tools for business impact analysis (Sample can be reports, tables
or matrices).
• Samples from risk assessment study (Sample can be reports based on risk identification
and analysis matrix).
DGA-1-2-1-111
136

Shall reports be recent, whether for
minutes of meetings or
correspondence, where most of
16
which may be relatively old, and no
meetings were held recently at a later
time?
Who is responsible for approving
17 documents and how are they
approved?
If the Government Agency forms a
committee concerned with digital
transformation, is the Government
18
Agency required to form another
committee for e-government
transactions?
Some requirements do not apply
directly to the Government Agency,
what is the applicable mechanism in
19 this case?
What is meant by Digital Service
Quality Standards?
20
You can view more frequently asked questions by logging in the measurement system, as they are updated on the
Digital Transformation Basic Standards
• Samples of risk response strategies (Sample may contain an analysis of risks associated
with a service or domain, describing the response plan for such risk, the and team in
charge).
• Samples from teams (Sample can be tables of teams, and 3 samples can be attached with
contact data hidden, as per professional practices).
Required samples can be minutes, records, or decisions, as mentioned in the requirements of the
standard.
In general, attachments must be with recent dates proving that the Government Agency is working
effectively in implementing practices related to digital transformation and decision-making, as this
cannot be proven through, for example, documents of meetings that took place more than a year
ago, which indicates lack of effective and continuous work in the field related to the required
documents.
The authorized person is responsible for content of the document and is considered the Owner
thereof, and by signing and putting his name, the document is considered approved.
In case the committee formed in the Government Agency conforms to Control No. (17) of the
Council of Ministers Resolution No. (40), dated 27/02/1427 AH, then the Government Agency may
not be required to form another committee.
In case the formation of the digital transformation committee does not conform to the
aforementioned Resolution, the Government Agency shall form an e- government committee as
stipulated in the Resolution.
Requirements that do not apply to the Government Agency must be issued by the legislator or what
is excluded by His Highness on implementation of the content of the High Order, and in the second
section, it is by the Government Agency's proving of its exclusion and the acceptance of the national
team. This option was made available in the tenth measurement (not applicable) with the
opportunity for the Government Agency to attach evidence that this decision or standard does not
apply to the Government Agency. The acceptance of this matter remains within the powers of the
national Qiyas team.
Standards guarantee the effective operation and monitoring of digital services, as there are many
different frameworks for monitoring the quality of digital services. It is required that they include all
digital aspects and are not limited to the opinions of beneficiaries and the level of satisfaction with
digital services only, standards can for include example (availability, portability, reliability, etc.)
system continuously.
DGA-1-2-1-111
137
7.6 List of relevant government agencies according to the scope of standards

The list includes the relevant government agencies as clarified within the scope of standards, according to the following:
Relevant agencies under
Agencies Agencies Agencies
Relevant agencies the standard (5.13.9)
responsible for benefitting leading life
under the standards Consolidating and Agencies responsible
Concerned government shared systems from the digital journey
of the two axes(5.8) integrating agency’s for “developing
# agencies according to and services reporting program
"Risk Management" platforms and closing priority services”
the scope of standards under (5.13.4), service under under
and (5.9) "Business platforms and domains under Standard (5.14.4)
(5.13.5) and Standard Standard
Continuity" that are no longer
(5.13.6) standards. (5.16.3) (5.18.5).
needed”

Ministry of
1 Communication and √ √ √
Information Technology

2 Ministry of Investment √ √ √ √

Ministry of Economy
3 √
and Planning

4 Ministry of Media √ √ √

• Providing
Ministry of
subscription and
5 Environment, Water and √ √ √
payment of water
Agriculture
bills services.

• Creation of a
business/
entreprise
6 Ministry of Commerce √ √ √
• Issuance of a
commercial
register.

• Apply for a
7 Ministry of Education √ √ government √ √
scholarship.

Ministry of Hajj &

8 √ √ √ √
Umrah

Ministry of Islamic
9 Affairs, Dawah and √ √
Guidance

Ministry of Foreign • Applying for entry or

10 √ √ √
Affairs transit visas.

11 Ministry of Defense √

12 Ministry of the Interior √ √ √ √

13 Ministry of Sports √ √ √ √

14 Ministry of Tourism √ √ √ √

Digital Transformation Basic Standards DGA-1-2-1-111

138
 Ministry of Municipal,
• Issuing a building
15 Rural Affairs and √ √ √ √
permit
Housing

16 Ministry of Health √ √ √ √

Ministry of Industry and

17 √ √ √ √
Mineral Resources

18 Ministry of Energy √ √ √ √

• Issuing marriage
contracts
• Registering land
ownership
19 Ministry of Justice √ √ • Notarial services √ √
(managing and
following up cases
with the courts
electronically).

▪ Electronic
Payment
Platform
(Tahseel)
• e-Government
▪ Electronic Procurement

Payment Platform
20 Ministry of Finance √ √
Platform (Sadad) • e-payment of √

▪ Etimad government fees and

Platform/e- costs

Government
Procurement
System
(Tenders)

• Applying for
government jobs
• Providing services to
needy groups: Poor,
people with
disabilities, elderly
Ministry of Human • Applying for
21 Resources and Social √ √ financial aid for √ √
Development people with special
needs
• Applying for
maternity and
newborn aids
• Applying for child
aids

Digital Transformation Basic Standards DGA-1-2-1-111

139
 Ministry of Transport
22 √ √ √ √
and Logistics

23 Ministry of Culture √ √ √

• Unified National
Access Platform
(NAFAD)
• Government
Services Bus (GSB)
Saudi Authority for Data • Government
24 and Artificial √ Secure Network √
Intelligence (SDAIA) (GSN) Platform
• Data Market
Platform
Government
Cloud (G-Cloud)
Platform

General Authority for

25 √ √
Statistics

The National Centre for • Issuing

26 Environmental environmental
Compliance (NCEC) permits

General Authority for

27 √
Awqaf

General Entertainment
28 √ √
Authority

• Paying taxes
electronically
• Submitting VAT and
Zakat, Tax and Customs GST return or
29 √ √
Authority equivalent
• Electronic invoices
• Submit income tax
return

General Authority of
30 √
Civil Aviation

Saudi Food & Drug

31 √ √
Authority

• Providing
General Authority for
geographical and
32 Survey and Geospatial
geospatial information
Information
systems electronically

Small and Medium

33 Enterprises General √
Authority

34 Transport General √ √

Digital Transformation Basic Standards DGA-1-2-1-111

140
 Authority

Communications, Space
35 and Technology √ √
Commission

• Providing
Water and Electricity subscription and
36 √
Regulatory Authority payment of electricity
bills services.

General Real Estate

37 √ √
Authority

Capital Market
38 √ √
Authority (CMA)

Local Content &

39 Government √
Procurement Authority

Saudi Authority for

40 √
Intellectual Property

General Commission for

41 √ √
Audiovisual Media

Education and Training

42 √ √
Evaluation Commission

43 Saudi Ports Authority √ √

Saudi Standards,
44 Metrology and Quality √
Organization

• Notice of change of
45 Saudi Post √ residential
address

Saline Water Conversion

46 √
Corporation (SWCC)

• Applying for social

protection programs
• Applying for benefits
for retirees
General Organization
47 √ • Applying for benefits √
for Social Insurance
due to illness or
disability
• Applying for benefits
for the unemployed

Council of Cooperative
48 √
Health Insurance (CCHI)

Digital Transformation Basic Standards DGA-1-2-1-111

141
 • Registration or
Renewal of vehicles
registration (car, truck,
Public Security motorcycle, etc.)
49 • Applying for criminal
Directorate (PSD)
record
• Reports to the police
• Issuing driving
license

Social Development
50 √
Bank

Saudi Industrial
51 √
Development Fund

52 Public Investment Fund √

Human Resources
53 √ √ √
Development Fund

54 Board of Grievances √

55 National Events Center √

National Center for

56 Performance √
Measurement “ADAA”

• Apply for a copy of

birth certificate
• Apply for a copy of
death certificate
Vice-Ministry of Interior
57 • Apply for an ID card
for Civil Status
• Providing
information about
applying for
citizenship

King Abdulaziz City for

58 Science and Technology √
(KACST)

•A unified national
Digital Government
59 √ platform for
Authority (DGA)
government services

National Center for

60 Government Resource √ √
Systems

National Center of
61 √
Meteorology

Electronic
General Bureau for
62 Monitoring
Auditing
Platform (SHAMIL)

Digital Transformation Basic Standards DGA-1-2-1-111

142
 King Faisal Specialist
63 Hospital & Research √
Center

King Abdullah, City for

64 Atomic and Renewable √
Energy

65 Taibah, University √

66 Asir Region Municipality √

Jizan Region
67 √
Municipality

Madinah, Region
68 √
Municipality

Qassim Region
69 √
Municipality

Al Jouf Region
70 √
Municipality

Al Baha Region
71 √
Municipality

Jeddah, Governorate
72 √
Municipality

Taif Governorate
73 √
Municipality

Al-Ihsa Governorate
74 √
Municipality

Eastern Province
75 √
Municipality

Holy Capital
76 √
Municipality

Saudi Energy Efficiency

77 √
Center

78 The Royal Court √

Tourism Development
79 √
Fund – TDF

80 Saudi Tourism Authority √

Digital Transformation Basic Standards DGA-1-2-1-111

143
Digital Transformation Basic Standards DGA-1-2-1-111
144
DGA.GOV.SA