CCC Cybersecurity Certification

Helping companies to obtain a cybersecurity certification that qualifies them for accreditation with major corporations

Aramco Standard
Third-party cybersecurity
SACS-002 (CCC)

Are you ready to start the commitment process?

The Saudi Aramco Third Party Cybersecurity Standard 002 (SACS-002 (CCC)) issued by Saudi Aramco in May 2020, aims to establish minimum cybersecurity requirements for Saudi Aramco's third parties to protect Saudi Aramco from potential cyber threats and enhance the security posture of third parties.

Who does this apply to?

This Saudi Aramco Third Party Cybersecurity Standard 002 (SACS-002 (CCC)) applies to all third parties doing business with Saudi Aramco through contractual agreements. The standard defines general requirements that apply to all third parties and more specific requirements for those third parties involved in more ICT-oriented services such as connecting to the network or external infrastructure, processing critical data, or customising software.

How long does it take to implement Saudi Aramco's Third Party Cybersecurity Standard 002 (SACS-002) in the organisation?

It depends on the size of the organisation, the industry it operates in, the number of employees, the status of current policies in place, and the number and type of ICT components within its infrastructure. Some organisations can roll out the Saudi Aramco Third Party Cybersecurity Standard 002 (SACS-002 (CCC)) in a few weeks, others may require months or years. If you are interested in implementing the Saudi Aramco Third Party Cybersecurity Standard 002 (SACS-002 (CCC)) in your organisation, contact us to schedule an appointment to review the gap analysis and get a better assessment of lead time and costs.