Saudi Aramco Third Party Cybersecurity Standard (SACS-002)

Ensure compliance with all Saudi Aramco cybersecurity standards

Ensure compliance with all Saudi Aramco cybersecurity standards

Saudi Aramco is an important customer for more than 5,000 contractors and suppliers. SirajTech helps those companies comply with Aramco’s strict SACS-002 cybersecurity standard.

Understanding the SACS-002 Cybersecurity Standard

The SACS-002 third-party cybersecurity standard sets forth the minimum cybersecurity requirements for companies working with Saudi Aramco. It is designed to protect Aramco from cyberthreats and strengthen the security posture of those partner companies.

The standard consists of four major components:

Identify

The identification component consists of four parts:

  • Asset Management – catalog and classify digital assets
  • Governance – establish cybersecurity policies, standards, and staffing
  • Risk Assessment – conduct penetration testing for IT infrastructure and websites
  • Risk Management Strategy – identify, access, and remediate risks to data and information
    systems

Protect

Protection consists of four parts:

  • Access Control – include issuing passwords and security badges, establish visitor management
    processes, and define other access to restricted systems and facilities
  • Data Security – describe how to secure systems, data, documents, and applications
  • Information Protection Processes and Procedures – include disaster recovery and business continuity plans
  • Protective Technology – describe how key systems and technologies should be protected,
    including the use of intrusion detection systems (IDS)

Protect

Protection consists of four parts:

  • Access Control – include issuing passwords and security badges, establish visitor management
    processes, and define other access to restricted systems and facilities
  • Data Security – describe how to secure systems, data, documents, and applications
  • Information Protection Processes and Procedures – include disaster recovery and business continuity plans
  • Protective Technology – describe how key systems and technologies should be protected,
    including the use of intrusion detection systems (IDS)

Detect

Detection consists of two parts:

  • Anomalies and Events – describe how technology assets and systems are monitored for unauthorized access or activity
  • Continuous Monitoring – include physical security measures, account monitoring, vulnerability scans, and use of non-authorized devices

Respond

Response consists of three parts:

  • Communications – include an incident management policy and plan
  • Analysis– describe the incident response capability and tracking of all cybersecurity incidents
  • Mitigation – describe how vulnerabilities should be resolved or mitigated

Start Securing Your Business Today

Comply and Qualify

SirajTech works with companies to both comply with the SACS-002 cybersecurity standard and qualify for Saudi Aramco’s Cybersecurity Compliance Certificate (CCC).

Comply with the SACS-002 Standard

We will work with you to apply all the required controls in the SACS-002 standard. We will help you coordinate with Aramco until compliance is achieved.

Qualify for CCC

We have worked with dozens of suppliers to apply for Aramco’s CCC. Our experts will help you do everything you need to do to receive your Aramco cybersecurity certificate.

Unblock Blocked Domains

If your company has had its domain blocked by Aramco for being non-compliant with cybersecurity controls, we can help. We will work with you to apply all the required controls in the mandated standard and coordinate with Aramco until compliance is achieved.

Rely on SirajTech for All Aramco Compliance Issues

If you are a Saudi Aramco supplier and would like to achieve compliance with the SACS-002 standard and receive your cybersecurity compliance certificate (CCC), turn to the compliance experts at SirajTech.

Reach out to SirajTech today to see how we can help you with your Aramco compliance needs.