MUSCAT — The policy adopts a unified methodology for managing IT risks across the units of the State’s Administrative Apparatus, aiming to enhance the protection of government digital assets, ensure business continuity, and strengthen readiness to address evolving technological threats.

The Ministry stressed that the framework supports risk-informed decision-making while ensuring compliance with relevant national legislation governing digital operations.

The policy is designed to protect government digital assets, ensure secure and efficient continuity of digital services, support decision-making based on risk assessments, and ensure alignment with national regulatory requirements.

The framework applies to units of the State’s Administrative Apparatus, and IT service providers and contractors working with government entities.

Under the policy, entities are required to integrate IT risk management into their overall strategies, implement risk treatment and incident response plans, escalate high-impact risks to appropriate leadership levels, conduct periodic risk assessments and maintain a documented risk register, and embed risk management requirements within IT contracts.