The Saudi Aramco Third-Party Cybersecurity Standard (SACS-002) is a set of requirements that companies must meet in order to work with Saudi Aramco. The aim is to keep critical assets safe from cyber-attacks.

To get the Cybersecurity Compliance Certificate (CCC), your company needs to meet many fundamental requirements. You must assess your computer systems, find any significant security problems, and fix them using best practices. After that, you need to submit a report with evidence that your company is keeping things secure. Working out the best way to do this is a mix of science and art.

Services Methodology for CCC

Gap Analysis

  1. Perform SACS-002 compliance assessment.
  2. Identify gaps in adherence to standards.
  3. Propose solutions for addressing identified non-compliance areas.

Proposal Submission

  1. Review Gap Assessment report.
    Prepare a detailed proposal with service breakdown and costs.
  2. Obtain client agreement and signatures on the proposal.
  3. Initiate project kickoff upon receiving a 50% payment deposit.

Consultancy

Team eibsol begins development and implementation.

Training

  1. Completion of development triggers mandatory employee training.
  2. Training focuses on acceptable computer use and best practices.
    Emphasis on guidelines for system usage and encouraging good computing habits.
  3. Successful completion of training is mandatory for all staff members.

Contract with Audit Firm

  1. Contract: Assessment Verification with Saudi Aramco Approved Audit Firm.
  2. Payment: The total amount deposited at this stage.
  3. Options: Payment to eibsol or directly to Audit Firm.
  4. Assurance: Professional and thorough assessment per Saudi Aramco standards.

Certification

  1. Successful completion of the Cyber Security Compliance Audit results in the issuance of a certificate.
  2. Certificate validity: 2 years.
  3. The client is required to settle the outstanding 50% payment to conclude the project.

SAUDI ARAMCO CCC AUDIT CHECKLIST

Does the company have any Windows Server or Active Directory?
Does the company have a registered domain?
Does the company use company-domain emails or personal emails?
Has the company implemented two-factor authentication for email security?
Does the company arrange cybersecurity training for employees yearly?
Does the company enforce a password policy on all desktops/laptops?
Are company laptops/desktops regularly updated with Windows and antivirus updates?
Has the company implemented an SPF record for its email domain?
Does the company inform Aramco when onboarding an employee or when an employee leaves?
Is a firewall configured in the company network?
Do all company IT assets have antivirus installed?
Has the company implemented an IT AUP (Access Usage Policy)?