Email Usage and Retention Policy


Policy No.:ETP-A -18-5                                                                                                                                                                             Effective:03/18/12


KSAU-HS  King Saud bin Abdulaziz University for Health Sciences
UNIVERSITY   King Saud bin Abdulaziz University for Health Sciences
EDUTECH  Corporate Office of Educational Technology Services
DIRECTOR  Director of the Corporate Office of Educational Technology Services
IT   Information Technology
THIRD PARTY  Any individual, group contractor, vendor or agent not registered as a University student, Faculty or staff.
USER Any student, faculty, supporting staff or third party, who is granted an account to use KSAU-HS electronic resources or systems.


This policy defines the acceptable use of the KSAU-HS e-mail systems, including but not limited to messaging services provided through other applications like collaboration, contents, and learning management systems.


This policy applies to all KSAU-HS users, including students, faculty, staff, and third party users who are granted access to use the University systems.



Email Usage

  • The University provides e-mail accounts for its business usage only, to Students, Faculty, Staff and as possible to third party users like contractors who work on direct projects for the University.
  • All users must agree to and sign [Exhibit 18-1 E-mail/ Internet User Agreement] before an e-mail account can be created.
  • Every user has the responsibility to maintain the University’s public image and to use the University e-mail system in a responsible and productive manner. Users are prohibited to use the e-mail service for non-business purposes.
  • All users must adhere to the following when using University E-mail facilities:
  • Users are expected to act ethically and responsibly in their use of e-mails and to comply with the relevant Saudi legislation, regulations and codes of practice, and with the KSAU-HS Acceptable Use of Information Resources.
  • Discrimination, victimization or harassment on the grounds of gender, marital status, family status, religious belief, age, disability, race, color, nationality, ethnic or national origin is against University policy. Users must not bully, hassle or harass other individuals via e-mail. Users must not send messages that are likely to be considered abusive, offensive or inflammatory by the recipient/s.
  • All users should regard all e-mails sent from University facilities as first, representing the University and, secondly, representing the individual. Users should be civil and courteous. Users should not send e-mail which portrays the University in an unprofessional light. The University is liable for the opinions and communications of its staff and students. Any e-mail involved in a legal dispute may have to be produced as evidence in court.
  • All users should do their best to ensure that e-mail content is accurate, factual and objective especially in relation to individuals. Users should avoid subjective opinions about individuals or other organizations.
  • Users must not use a false identity in e-mails. All e-mails must contain the identity of the sender and may not represent the sender as someone else or someone from another organization.
  • Users must not create or forward advertisements, chain letters or unsolicited e-mails e.g. SPAM.
  • All users are responsible to protect work-related emails and data displayed on their monitors. e.g. by locking their office door or by locking their workstation or using a screen saver in password-protected mode when leaving their desk. Every user is responsible to prevent unauthorized individuals from using their workstation to send an e-mail, which will appear to originate from the user.
  • All users should exercise caution when providing their e-mail address to others and be aware that their e-mail address may be recorded on the Internet.
  • All users are prohibited to use the KSAU-HS email account to register for non-work related websites and services.
  • All users should be cautious when opening e-mails and attachments from unknown sources as they may be infected with viruses.
  • All users must have up-to-date anti-virus software installed and operational on the computer that they access their e-mail on.
  • Before opening, all e-mails or attachments that are encrypted or compressed should be decrypted or decompressed and scanned for viruses by the recipient.
  • Users should be aware that e-mails may be subject to audit by EduTech to ensure that they meet the requirements of this policy. This applies to message content, attachments and addressees.
  • As part of the Universities’ standard computing and telecommunications practices, e-mail systems and the systems involved in the transmission and storage of e-mail messages are normally "backed up" centrally on a routine basis for administrative purposes. The back-up process results in the copying of data, such as the content of an e-mail message, onto storage media that may be retained for periods of time and in locations unknown to the originator or recipient of an e-mail. The frequency and retention of back-up copies may vary from system to system. However, this back-up is for University administrative purposes only and it is the user’s own responsibility to back-up any of their e-mails they wish to retain for future reference.
  • All security incidents involving email should be reported to the EduTech Data Center operations.


  • Data users must assume that all e-mail or Internet communications are not secure unless encrypted and they should not send any confidential information via e-mail. Users may not, under any circumstances, monitor and intercept or browse other users' e-mail messages unless authorized to do so. Network and computer operations personnel, or system administrators, may not monitor other user’s e-mail messages other than to the extent that this may occur incidentally in the normal course of their work.
  • The University reserves the right to access and disclose the contents of a user's e-mail messages in accordance with its legal and audit obligations, and for legitimate operational purposes. The University reserves the right to demand that encryption keys, where used, be made available so that it is able to fulfill its right of access to a user’s e-mail messages in such circumstances.


  • Users are not allowed to use or abuse other users’ original work. Therefore, users should bear in mind:
  • E-mail messages can be creative works and therefore are copyrighted.
  • Some e-mail contents sent by a user are copyrighted to the user or the University.

Information Security Supporting Policy

  • When Users post to a public list they do not lose copyright, but the message may be archived, forwarded to other lists or quoted by others.
  • Messages sent to a list should not be quoted out of context, changed or reworded or misattributed.
  • Software or files downloaded from the Internet may be protected by copyright restrictions.

  E-mail Retention

  • University communications of any kind typically need to be retained as any other corporate document. Certain e-mail communications must follow the requirements established in (Policy ITP-35-1 Document Retention Policy) depending on the subject or purpose of the e-mail.
  • E-mails deleted from inbox are still saved on the University Backup which will be retained as per (Policy ITP-28-1 Data Backup and Retention Policy).
  • Users are compelled to delete or archive the emails to Outlook personal folders as the maximum allotted mailbox capacity is reached. EduTech is not responsible for any loss of emails saved in the Outlook personal folders.


  • Certain file extensions such as those listed in [EXHIBIT-18-5-1 Prohibited File Extensions] are prohibited as they are potential security and virus threats.
  • The maximum limit of e-mail attachment per message is 5MB. Users may request additional assistance from EduTech to increase attachment capacity, or to utilize other file transfer methods.

Email Disclaimer

  • All emails send through KSAU-HS email gateway will be attached with the following disclaimer:

“The information in this email may contain confidential material and it is intended solely for the addressees. Access to this email by anyone else is unauthorized. If you are not the intended recipient, please inform the sender, and immediately delete the email and destroy any copies of it. Any disclosure, copying and distribution of its contents fully or partially is prohibited and may be considered unlawful. Contents of this email and any attachments may have been altered. Statement and opinions expressed in this email are those of the sender, and do not necessarily reflect those of King Saud bin Abdulaziz University for Health Sciences”.

  • No users are supposed to attach email disclaimers other than this.

Mailbox Capacity

  • This policy identifies allotment of mail box capacity for email server administrators and users in order to effectively utilize the server resources and ultimately reduce cost and administrative load.
  • All University users are allocated with a maximum mailbox size as per [EXHIBIT-18-5-2 Allotted Mailbox Size for KSAU-US Users].

Mailbox Capacity Exceptions

  • Exceptions to mailbox capacity may reach 10 GB. Exception requests must be authorized by the user’s department head, and to be sent for EduTech approval and processing. 

Approved By:

Director Corporate, Educational Technology Service
King Saud bin Abdulaziz University for Health Sciences


Related Links