
Cybersecurity Compliance Certificate



(Cybersecurity Compliance Certificate) The Third Party Cybersecurity Standard (TPCS) sets forth the minimum cybersecurity requirements for Saudi Aramco Third Parties to protect Saudi Aramco from possible cyber threats and strengthen Third Parties’ security posture.


This Standard applies to all Third Parties engaging with Saudi Aramco through contractual agreements.

Ready to start the compliance process?

Our engineers will be happy to serve you and to ensure you achieve the highest standards of cybersecurity compliance for your organization.

The standard consists of four major components:

Identify Third Party Cybersecurity Controls For Cybersecurity Compliance Certificate

The identification component consists of four parts:

Third Party must establish, maintain and communicate a Cybersecurity Acceptable Use Policy (AUP) governing the use of Third Party Technology Assets.
Third Party must have policies and processes to classify information in terms of its value, criticality and confidentiality.
Third Party must conduct annual external Penetration Testing on its IT infrastructure systems and internet-facing applications.
Third Party must have a process to conduct Cybersecurity Risk Assessment on a regular basis, to identify, assess and remediate Risks to data and information systems.


Protection consists of four parts:

Password protection measures must be enforced by the Third Party.
How to secure systems, data, documents, and applications.
Third Party must have a Disaster Recovery Plan (DR Plan) which is documented, maintained and communicated to appropriate parties.
Describe how key systems and technologies should be protected, including the use of intrusion detection systems (IDS).


Response consists of three parts:

Incident management policy and plan.

The incident response capability and tracking of all cybersecurity incidents.

Vulnerabilities should be resolved or mitigated.

Detect Third Party Cybersecurity Controls For Cybersecurity Compliance Certificate

Detection consists of two parts:

Third Party must monitor Technology Assets, Systems and applications to identify unauthorized access or unauthorized activity.

Multiple physical security measures must be implemented to prevent unauthorized access to facilities. Entrances and exits must be secured with authentication card keys and door locks, and monitored by video cameras.


How long does it take to implement the CRF in an organization?

It depends on the size of the organization, the field in which it operates, the number of employees, the state of the current policies implemented, and the number and type of ICT components within its infrastructure. Some organizations can roll out the SACS-002 Standard (CCC) in a few weeks; others may require months or years. If you are interested in implementing the SACS-002 Standard (CCC) in your organization, contact us to schedule a gap analysis audit and get a better assessment of the lead time and the costs.

Contact Us

Reach out to the Smart-Contract Team today to see how we can help you with your Aramco compliance needs.
