Accepted Risk Levels
Announcement on Acceptable Risk Levels in Cloud Computing Services
In our commitment to transparency and cybersecurity enhancement, we inform all
subscribers that our cloud computing services adhere to strict risk management policies,
ensuring a balance between performance, security, and service continuity.
Acceptable Risk Levels
Once potential risks affecting the service are identified and classified:
● A set of controls that mitigate those risks is defined.
● The controls are associated with relevant policies and procedures.
● An assessment plan is developed to evaluate and ensure the effectiveness of controls
and to assign responsible individuals according to their roles and responsibilities.
The company, through the risk and compliance committee, has decided on the acceptable
risk level based on the approved risk appetite (e.g., rating "Low"). Risks with values
exceeding the acceptable risk level must be addressed based on the value of the risk and
available controls.
Risks can be managed through a combination of preventive and detective controls, risk
avoidance and acceptance strategies, or by transferring risks to third parties such as
insurance companies.
Accordingly, the company must mitigate the identified risks based on the following
classification:
● Low Risk (LOW): Considered acceptable and does not require additional actions
other than continuing to apply existing controls, with ongoing monitoring.
● Medium Risk (MEDIUM): Considered unacceptable and must be addressed within a
specific period not exceeding a few months. The company prioritizes mitigation efforts
and implements measures to reduce risks to an acceptable level while balancing cost and
impact.
● High Risk (HIGH): Considered critical and requires immediate
action. The company is committed to implementing urgent corrective measures to mitigate
these risks within weeks. This may include substantial changes to processes, controls,
or policies to prevent potentially severe impacts.
Subscriber Responsibilities
All subscribers are advised to adhere to recommended security practices, such as
enabling multi-factor authentication, regularly updating passwords, and protecting
credentials, to ensure a secure environment for all.
Regular Updates
Acceptable risk levels may be updated in response to emerging cybersecurity threats.
Subscribers will be notified of significant changes through official channels.
cybersecurity@t2.sa
Thank you for your trust. We continually work to ensure the security and stability of
our services.