The Saudi Aramco Third Party Cybersecurity Standard (SACS-002) is a set of requirements that vendors need to comply with to do business with Saudi Aramco. The goal of the standard is to protect Saudi Aramco’s critical assets and information from cyber-attacks.
To qualify for the Cybersecurity Compliance Certificate (CCC), businesses like yours have to meet an extensive number of business critical requirements. You are required to evaluate your ICT infrastructure, identify any major security issues, fix your major security problems (in accordance with best practices), and submit an evidence based report which confirms that your organization maintains sufficient security practices. Determining best practices, and selecting the right measures to implement is part science and part fine art.
- Show your values to supply chain and ethics as a contractor
- Build better working relationships with partners and buyers
- Ensure your cybersecurity is on par with market standards