Freedom of Information

The entity must provide proof that it has successfully processed and responded to previous information requests. ​

The entity must design and document a standardized process for handling information requests, and develop procedures for managing, processing, and documenting requests for public information in accordance with the Freedom of Information policies and regulations issued by the National Data Management Office (NDMO). ​

The entity must provide the guide developed for the Freedom of Information process and answers to frequently asked questions. ​

The guide should indicate, at a minimum:

• Application processing mechanism.
• Mechanism for sending requests.
• Mechanism for awaiting responses.
• Response review mechanism.
• Appeal mechanism (if necessary).

Common questions may also include:

• FAQs about the Freedom of Information process, requirements, timelines, and other information related to information requests. Providing frequently asked questions (FAQs) can clarify common queries and provide useful information to individuals making Freedom of Information requests.

The entity must provide a report that monitors its response to Freedom of Information requests based on predefined key performance indicators (KPIs) (indicator cards). The data for each indicator or card must include, at a minimum: ​

• Indicator name/symbol.
• Indicator owner.
• Indicator coordinator.
• Indicator description.
• The strategic or operational objective to be measured (specifying the particular specification or process to which the indicator is related)
• Indicator equation.
• Unit of measurement (ratio, number, etc.).
• Baseline (measurement value in the first measurement year).
• Target value.
• Periodicity of measurement (month/quarter/semi-year/yearly).
• Data sources are used to calculate the index.
• Data collection mechanism.
• Indicator polarity (+/-) (Positive polarity: High indicator value is target. Negative polarity: low indicator value is target).

The entity must provide a report with a description (name, version, etc.) The tool(s) used to automate the process of responding to Freedom of Information requests. ​

A tool refers to a program or application designed to simplify and automate the process of handling Freedom of Information (FOI) requests from submission to completion. Such a tool can enhance efficiency, accuracy, and transparency in managing Freedom of Information requests by automating various tasks, reducing manual effort, and ensuring compliance with applicable laws and regulations.

The entity must provide a report detailing the status of the Freedom of Information requests process implementation, covering the following: ​

• Approving requests to access public information.
• Rejecting requests to access public information.
• Extending the response time required for certain requests.
• Notify the beneficiary(s) that the required information is available on the entity’s website or outside its jurisdiction.

The entity must provide proof of internal communications and public publications that comply with the Freedom of Information policies and regulations issued by the National Data Management Office (NDMO), ensuring they do not conflict with the existing regulations in the Kingdom of Saudi Arabia. The entity is required to publish the following information on its official government website or associated websites: ​

• Laws, regulations, instructions, and regulatory decisions implemented in the entity.
• The services provided by the entity, along with detailed descriptions of how to access those services.
• The organizational structure of the entity, including job roles and responsibilities.
• Information on vacancies at the entity, excluding details about security or military positions as specified by the relevant authorities or in accordance with regulations in force in the Kingdom of Saudi Arabia.
• The entity’s annual strategic and operational reports, including its financial statements.
• General statistics, news, and updates related to the entity's activities, including the following:
  • The total number of employees within the entity.
  • The year the entity was established.
  • Number of services provided by the entity in the previous year.
  • Updated descriptions of the entity's activities.
• Projects submitted by the entity as required under the Freedom of Information Regulations, particularly those concerning risks that may affect people’s lives, health, or property. The information must include contact details for individuals authorized by the entity, at a minimum including the following:
  • Names of people.
  • Post addresses of individuals.
  • Individual's email addresses.
• Information on projects submitted or sponsored by the entity, as required by Freedom of Information policies and regulations, regarding risks that may affect people's lives, health, and property. The information should include the following:
  • Recipient names.
  • Implementation period.
  • Technological analysis.
• Guidelines and publications designed to raise awareness of people's rights to Freedom of Information within the entity.

If the above information is unavailable or invalid, the entity must provide justification and evidence in accordance with Freedom of Information policies and regulations.

The entity must provide updated documentation for operations, including any changes, with references to revised documents that outline the steps and procedures for specific operations or missions related to Freedom of Information, including: ​

• Documentation of periodic reviews, updated operations, and resulting changes.
• Mechanisms for the Continuous Improvement of Freedom of Information processes.

The entity must provide the forms for requests to access public information, in electronic or paper format, and specify the information required from the applicant. The requested information should include, at a minimum: ​

• Information about the applicant including name, address, and national ID.
• A description of the general information required from the applicant.
• The purpose of the request to access public information.
• Legal basis for the request.
• How the notice will be delivered to the applicant (e.g., email, national address).
• Request date.

The entity must provide proof that specific 'public' data sets have been published under the Freedom of Information regulations. ​

Responding to Freedom of Information (FOI) requests can sometimes result in the deployment of open datasets as part of Open Data Initiatives.

When an applicant submits a Freedom of Information request for specific information covered by Freedom of Information Laws, and the request is approved, the government entity may provide the requested information as a dataset. If the released dataset meets the criteria of being public, machine-readable, and reusable, it qualifies as open data.

The entity must provide proof that it has published communication on Freedom of Information, including guidelines and frequently asked questions, on its official website, as required by the National Data Management Office (NDMO). ​

The entity must provide a pricing mechanism for requests to access public information. The entity must calculate and document processing fees for each approved public information access request, using a pricing scheme determined by the entity and approved by the National Data Management Office (NDMO). ​

The entity must provide an updated Freedom of Information Register, documenting compliance records in the form specified by the Freedom of Information Guidelines issued by the National Data Management Office (NDMO). The register shall include, at a minimum: ​

• Information about the current Open Data and Information Availability Officer (ODIAO).
• Records of requests for access to public information.
• Public entity publications.
• Any other records, including the format and method required by the Freedom of Information policies and regulations issued by the National Data Management Office (NDMO).