Ensure compliance with all Saudi Aramco cybersecurity standards
Saudi Aramco is an important customer for more than 5,000 contractors and suppliers. SirajTech helps those companies comply with Aramco’s strict SACS-002 cybersecurity standard.
Understanding the SACS-002 Cybersecurity Standard
The SACS-002 third-party cybersecurity standard sets forth the minimum cybersecurity requirements for companies working with Saudi Aramco. It is designed to protect Aramco from cyberthreats and strengthen the security posture of those partner companies.
The standard consists of four major components:
Identify
The identification component consists of four parts:
- Asset Management – catalog and classify digital assets
- Governance – establish cybersecurity policies, standards, and staffing
- Risk Assessment – conduct penetration testing for IT infrastructure and websites
- Risk Management Strategy – identify, assess, and remediate risks to data and information systems
Protect
Protection consists of four parts:
- Access Control – include issuing passwords and security badges, establish visitor management processes, and define other access to restricted systems and facilities
- Data Security – describe how to secure systems, data, documents, and applications
- Information Protection Processes and Procedures – include disaster recovery and business continuity plans
- Protective Technology – describe how key systems and technologies should be protected, including the use of intrusion detection systems (IDS)
Detect
Detection consists of two parts:
- Anomalies and Events – describe how technology assets and systems are monitored for unauthorized access or activity
- Continuous Monitoring – include physical security measures, account monitoring, vulnerability scans, and use of non-authorized devices
Respond
Response consists of three parts:
- Communications – include an incident management policy and plan
- Analysis – describe the incident response capability and tracking of all cybersecurity incidents
- Mitigation – describe how vulnerabilities should be resolved or mitigated
Start Securing Your Business Today
Comply and Qualify
SirajTech works with companies to both comply with the SACS-002 cybersecurity standard and qualify for Saudi Aramco’s Cybersecurity Compliance Certificate (CCC).
Comply with the SACS-002 Standard
Qualify for CCC
Unblock Blocked Domains
Rely on SirajTech for All Aramco Compliance Issues
If you are a Saudi Aramco supplier and would like to achieve compliance with the SACS-002 standard and receive your cybersecurity compliance certificate (CCC), turn to the compliance experts at SirajTech.
Reach out to SirajTech today to see how we can help you with your Aramco compliance needs.