About CareersNewsNeed Help

Compliance and Regulations

Document Control Compliance and Regulations

Aligned with KSA Construction Standards, Mega Projects, and International Best Practices

1. Introduction

The Document Control Compliance and Regulations Framework at BEC Arabia ensures that all project and corporate documents are managed in full compliance with KSA regulatory frameworks, ISO standards, legal obligations, and mega project documentation requirements.

This framework provides guidelines for regulatory compliance, audit requirements, retention policies, and risk mitigation related to document control.

All documents are stored and managed using Aconex, ensuring adherence to compliance standards and secure document management practices.

📂 Stored in SharePoint – Document Control Compliance and Regulations

2. Regulatory Authorities Governing Document Control

BEC Arabia follows local, national, and international standards for document control compliance.

Regulatory Authority

Applicable Regulations

Key Compliance Requirements

Saudi Contractors Authority (SCA)

Contractor Documentation and Project Records

Proper document storage and tracking for regulatory compliance

Etimad and NUPP (Saudi Procurement Platforms)

Public procurement and government project documentation

Standardized document submission and approval requirements

Ministry of Municipal, Rural Affairs, and Housing (MOMRAH)

Construction project permits and approvals

Retention of all approved construction documents and permits

ISO 9001:2015

Quality Management System (QMS)

Compliance with structured document control and versioning

General Authority of Zakat and Tax (GAZT)

Tax documentation and financial records

Retention of financial documents for tax compliance

Saudi Data and Artificial Intelligence Authority (SDAIA)

Data protection and document security laws

Proper handling of confidential and sensitive information

KSA Arbitration Center

Contractual dispute documentation

Full document traceability for legal compliance

📂 Stored in SharePoint – Regulatory Compliance Guide

3. Document Control Compliance Policies

3.1 Document Retention Compliance

All documents must be retained for the legally required period based on regulatory, contractual, and internal compliance policies.

Document Type

Retention Period

Regulatory Reference

Project Contracts

10 years post-completion

FIDIC, MOMRAH, SCA

Financial and Tax Records

5 years

GAZT

Government Project Submissions

10 years

Etimad, NUPP

Technical Drawings and Engineering Documents

10 years

SCA, ISO 9001

HR and Employee Records

5 years after employee exit

Saudi Labor Law

Dispute and Arbitration Documents

7 years

KSA Arbitration Law

📂 Stored in SharePoint – Document Retention Policy

3.2 Compliance with Public Procurement Laws (Etimad and NUPP)

BEC Arabia follows Etimad and NUPP regulations for government project documentation.

Key Compliance Requirements:

  • Structured documentation submission for prequalification and bidding

  • Adherence to standardized templates for contracts and project reports

  • Retention of all correspondence and approvals for audit tracking

📂 Stored in SharePoint – Public Procurement Compliance

3.3 ISO 9001:2015 Compliance for Document Control

BEC Arabia aligns its document control policies with ISO 9001:2015 Quality Management System (QMS) standards.

Key Compliance Requirements:

  • Structured document control and versioning processes

  • Audit trails for all document modifications

  • Secure storage and access control for confidential files

📂 Stored in SharePoint – ISO Compliance Guidelines

3.4 Legal Compliance for Contractual Documentation

All contract-related documents must comply with KSA contract laws, FIDIC guidelines, and dispute resolution policies.

Key Compliance Requirements:

  • Retention of signed contracts, amendments, and approvals

  • Secure archiving of all arbitration and dispute resolution documents

  • Adherence to legal disclosure and confidentiality requirements

📂 Stored in SharePoint – Contractual Compliance Guidelines

3.5 Data Security and Confidentiality Compliance

BEC Arabia follows SDAIA (Saudi Data and Artificial Intelligence Authority) regulations to protect sensitive and confidential documents.

Key Compliance Requirements:

  • Role-based access controls for sensitive information

  • Encryption of critical legal, financial, and HR records

  • Strict non-disclosure agreements (NDAs) for internal and external parties

📂 Stored in SharePoint – Data Security Policy

4. Compliance Audits and Monitoring

4.1 Internal Document Control Audits

BEC Arabia conducts quarterly internal audits to ensure adherence to document control policies.

Audit Process:

  1. Document Classification Review – Ensuring correct labeling and retention policies

  2. Access Control Verification – Checking role-based access compliance

  3. Version Control and Change Management Review – Ensuring proper version tracking

  4. Regulatory Documentation Compliance – Validating records for audit readiness

📂 Stored in SharePoint – Internal Audit Reports

4.2 External Compliance Audits

Regulatory bodies and project clients may conduct external audits to verify compliance with legal, financial, and quality standards.

Key Compliance Actions for External Audits:

  • Ensure Aconex records are complete and up to date

  • Prepare and submit requested documents within regulatory deadlines

  • Maintain a centralized compliance log for external audit requests

📂 Stored in SharePoint – External Audit Logs

4.3 Compliance Risk Management

BEC Arabia has implemented a Document Control Risk Register to track and mitigate compliance risks.

Risk Mitigation Strategies:

  • Regular compliance training for employees

  • Automated compliance alerts in Aconex

  • Legal review of critical document submissions

📂 Stored in SharePoint – Compliance Risk Register

5. Document Security and Access Control Compliance

5.1 Secure Document Storage and Access Control in Aconex

All project and corporate documents must be stored in Aconex with proper access restrictions to ensure confidentiality and prevent unauthorized modifications.

Compliance Requirements:

  • Role-based access permissions for controlled documents

  • Encryption of sensitive legal, financial, and HR records

  • Mandatory access logs to track document interactions

  • Multi-level approval process for classified and high-risk documents

Aconex automatically maintains a full audit trail of document access, approvals, and modifications.

📂 Stored in SharePoint – Document Security Policy

5.2 Restricted Access for Confidential Documents

Certain legal, financial, and contractual records require strict access control to comply with KSA’s data protection laws.

Document Type

Access Level

Storage Location

Legal Contracts

Legal and Executive Teams Only

Aconex & SharePoint

Financial Reports

Finance and Executive Teams Only

SharePoint & ERP System

Employee Records

HR Department Only

HRMS System

Arbitration and Dispute Documents

Legal Department Only

Aconex & Legal Archive

📂 Stored in SharePoint – Access Control Guidelines

5.3 Confidentiality and Non-Disclosure Agreement (NDA) Compliance

All employees and external parties handling sensitive documents must sign a Non-Disclosure Agreement (NDA) before accessing confidential information.

Compliance Requirements:

  • NDAs must be signed before sharing classified documents

  • NDA violations result in legal action

  • NDAs must be stored in Aconex and SharePoint for tracking

📂 Stored in SharePoint – NDA Compliance Records

6. Version Control and Change Management Compliance

6.1 Version Control Policy

All controlled documents must have sequential versioning to track changes and prevent outdated information from being used.

Versioning Format: [Document Type] – [Department Code] – [Project Code] – [Revision Number]

Example: RFI-PM-NEOM-REV03 → Request for Information for NEOM Project, Revision 3

📂 Stored in SharePoint – Version Control Policy

6.2 Document Revision and Approval Workflow

To ensure compliance with legal and regulatory standards, all document revisions must undergo an approval workflow in Aconex.

Revision Workflow:

  1. Document Owner Submits a Change Request

  2. Review and Approval by Department Heads

  3. Legal and Compliance Team Validation

  4. Final Approval and Release

📂 Stored in SharePoint – Document Change Request Form

7. Compliance with Legal and Regulatory Documentation

7.1 Public Procurement Documentation Compliance (Etimad and NUPP)

All documents submitted for public procurement projects must comply with Etimad and NUPP documentation standards.

Compliance Requirements:

  • Use pre-approved templates for tenders and project documentation

  • Retain all procurement submissions for at least 10 years

  • Ensure all approvals and revisions are documented in Aconex

📂 Stored in SharePoint – Public Procurement Compliance Guide

7.2 Legal Documentation Compliance with KSA Construction Laws

All contract-related and regulatory documents must adhere to KSA construction industry regulations.

Regulatory Requirement

Compliance Action

Contract Retention Laws

Maintain project contracts for 10 years

Arbitration Law

Store all dispute resolution records in Aconex

ISO 9001:2015

Maintain structured document management and audits

Data Protection Regulations

Encrypt and restrict access to classified records

📂 Stored in SharePoint – Legal Compliance Guide

8. Compliance Audits and Monitoring

8.1 Internal and External Document Audits

BEC Arabia conducts quarterly internal audits and annual external audits to ensure compliance with document control policies.

Audit Process:

  1. Document Classification Review

  2. Access Control Verification

  3. Version Control Compliance Check

  4. Regulatory Documentation Compliance Audit

📂 Stored in SharePoint – Audit Reports

8.2 Compliance Risk Assessment and Mitigation

BEC Arabia maintains a Document Control Risk Register to track and mitigate compliance risks.

Risk Category

Potential Risk

Mitigation Strategy

Document Security

Unauthorized access to sensitive records

Role-based access control in Aconex

Version Control

Use of outdated documents

Mandatory version tracking

Regulatory Compliance

Non-compliance with legal retention laws

Quarterly compliance audits

📂 Stored in SharePoint – Compliance Risk Register

9. Disaster Recovery and Business Continuity

9.1 Document Backup and Recovery Policy

To ensure data integrity and business continuity, Aconex and SharePoint automatically back up all documents.

Backup and Recovery Process:

  • Daily automated backups in Aconex and SharePoint

  • Weekly integrity checks to ensure data availability

  • Disaster recovery simulations conducted annually

📂 Stored in SharePoint – Disaster Recovery Plan

10. Key Performance Indicators (KPIs) for Document Control Compliance

KPI Name

Measurement Criteria

Target Benchmark

Document Retrieval Time

Average time to retrieve a document

≤ 5 minutes

Compliance Audit Pass Rate

Percentage of documents meeting compliance standards

98% or higher

Version Control Accuracy

Percentage of documents with correct versioning

100%

Unauthorized Access Incidents

Number of reported security breaches

Zero

📂 Stored in SharePoint – Document Control KPI Dashboard

11. Conclusion

The Document Control Compliance and Regulations Framework at BEC Arabia ensures that all project and corporate documents are managed in strict compliance with KSA regulations, ISO standards, and mega project documentation best practices.

By leveraging Aconex as the primary document management system, BEC Arabia maintains secure, structured, and auditable document control processes, reducing compliance risks and ensuring regulatory adherence.

All compliance documentation is stored in SharePoint for version tracking, audit logs, and future reference.

PreviousPolicies and ProceduresNextRisk Management

Last updated

Was this helpful?