The Saudi Aramco Third-Party Cybersecurity Standard (SACS-002) is a cluster of rules that companies require in order to work with Saudi Aramco. The aim is to keep critical stuff safe from cyber-attacks.
To get the Cybersecurity Compliance Certificate (CCC), your company needs to meet many fundamental rules. You must check your computer systems, find any significant security problems, and fix them using the best ways. After that, you need to send a report showing proof that your company is keeping things secure. Figuring out the best ways to do this is like finding the right mix of science and art.
Services Methodology for CCC
- Perform SACS-002 compliance assessment.
- Identify gaps in adherence to standards.
- Propose solutions for addressing identified non-compliance areas.
- Review Gap Assessment report.
Prepare a detailed proposal with service breakdown and costs.
- Obtain client agreement and signatures on the proposal.
- Initiate project kickoff upon receiving a 50% payment deposit.
Team eibsol begins development and implementation.
- Completion of development triggers mandatory employee training.
- Training focuses on acceptable computer use and best practices.
Emphasis on guidelines for system usage and encouraging good computing habits.
- Successful completion of training is mandatory for all staff members.
Contract with Audit Firm
- Contract: Assessment Verification with Saudi Aramco Approved Audit Firm.
- Payment: The total amount deposited at this stage.
- Options: Payment to eibsol or directly to Audit Firm.
- Assurance: Professional and thorough assessment per Saudi Aramco standards.
- Successful completion of the Cyber Security Compliance Audit results in the issuance of a certificate.
- Certificate validity: 2 years.
- The client is required to settle the outstanding 50% payment to conclude the project.
SAUDI ARAMCO CCC AUDIT CHECKLIST
- As of now above are the minimum requirements, if in case Saudi Aramco asks any additional requirements, client will be responsible to provide.
- Timeline will be minimum two Weeks started from date of Evidence submission to Auditor.
- Client is responsible for providing one dedicated email address with password at company domain to AMC consultant for the entire period of CCC Audit.
- 50% advance payment will be required to start the process. 50% Payment will be paid before Issuing the Certificate.