The Saudi Aramco Third-Party Cybersecurity Standard (SACS-002) is a cluster of rules that companies require in order to work with Saudi Aramco. The aim is to keep critical stuff safe from cyber-attacks.

To get the Cybersecurity Compliance Certificate (CCC), your company needs to meet many fundamental rules. You must check your computer systems, find any significant security problems, and fix them using the best ways. After that, you need to send a report showing proof that your company is keeping things secure. Figuring out the best ways to do this is like finding the right mix of science and art.

Services Methodology for CCC

Gap Analysis

  1. Perform SACS-002 compliance assessment.
  2. Identify gaps in adherence to standards.
  3. Propose solutions for addressing identified non-compliance areas.

Proposal Submission

  1. Review Gap Assessment report.
    Prepare a detailed proposal with service breakdown and costs.
  2. Obtain client agreement and signatures on the proposal.
  3. Initiate project kickoff upon receiving a 50% payment deposit.


Team eibsol begins development and implementation.


  1. Completion of development triggers mandatory employee training.
  2. Training focuses on acceptable computer use and best practices.
    Emphasis on guidelines for system usage and encouraging good computing habits.
  3. Successful completion of training is mandatory for all staff members.

Contract with Audit Firm

  1. Contract: Assessment Verification with Saudi Aramco Approved Audit Firm.
  2. Payment: The total amount deposited at this stage.
  3. Options: Payment to eibsol or directly to Audit Firm.
  4. Assurance: Professional and thorough assessment per Saudi Aramco standards.


  1. Successful completion of the Cyber Security Compliance Audit results in the issuance of a certificate.
  2. Certificate validity: 2 years.
  3. The client is required to settle the outstanding 50% payment to conclude the project.


Please enable JavaScript in your browser to complete this form.