The Aramco Cybersecurity Compliance Certificate for any Aramco contractor or contractor, is one of the requirements to contract with them.
What we offer:
We prepare the technical infrastructure to obtain The SACS-002 Third Party Cybersecurity Standard (CCC) for Aramco and then we extract the certificate for your facilities as soon as possible and at the lowest costs.
Issued by Saudi Aramco in May 2020, the Third Party Cybersecurity Standard (SACS-002) aims to establish the minimum Cybersecurity requirements for Saudi Aramco Third Parties to protect Saudi Aramco from possible cyber threats and strengthen Third Parties’ security posture.
Who does it apply to?
This Third Party Cybersecurity Standard (SACS-002) applies to all Third Parties engaging with Saudi Aramco through contractual agreements. The standard defines general requirements that apply to all Third Parties and more specific requirements for those Third Parties engaging in more ICT oriented services such as network connectivity, outsourced infrastructure, critical data processing, or software customization.
Aramco Cybersecurity Compliance Certificate
Who does it apply to?
The Aramco Third Party Cybersecurity Compliance Certificate is split into two main sections, the General Requirements and the Specific Requirements.
The General Requirements of Third Party Cybersecurity Standard (SACS-002) apply to ALL Third Parties working with Saudi Aramco. It consists of 3 main clauses, 7 sub-clauses, and 24 controls.
The Specific Requirements apply to the Third Parties that are providing ICT oriented services as defined by Saudi Aramco. These requirements consist of 4 main clauses, 13 sub-clauses, and 62 controls. These will have to be met in addition to the 24 controls specified under the General Requirements.
The Aramco Third Party Cybersecurity Compliance Certificate is derived mainly from the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). Therefore, if you are already implementing NIST CSF in your organization, you are more than likely to be meeting most of the SACS-002 (CCC) requirements.