Aramco Cybersecurity Compliance Certification (CCC)

The Cybersecurity Compliance Certification (CCC) Program was established to ensure that all Saudi Aramco third parties comply with the cybersecurity requirements of the Third Party Cybersecurity Standard (SACS-002). All organizations providing services to Saudi Aramco must comply with the requirements and obtain the CCC certification. The certification has two versions, which apply to 1) organizations providing services to Saudi Aramco (Cybersecurity Compliance Certificate, CCC) and 2) organizations providing Network Connectivity and Data Processing Services to Saudi Aramco (Cybersecurity Compliance Certificate Plus, CCC+).

Organizations that require both CCC and CCC+ based on the classification need only CCC+.

Our approach follows the regulation's requirements and adds the information security requirements the organisation needs to complement the CCC regulation. Sysprove has extensive experience in defining cybersecurity programs based on NIST CSF, SABSA, ISO 27001, HIPAA, GDPR, PDPL, FISMA, SOC2, and CIS.

Our Methodology

Understand the context of the organisation & services provided

Perform a gap analysis against the CCC controls

Create a plan to close the gaps

Implement the plan by creating the required documentation, including policies, procedures, and SOPs (Standard Operating Procedures)

Handhold the organisation in the implementation process

Perform an internal audit against the implemented controls to ensure compliance

Support closing of findings

For details on the Saudi Aramco Cybersecurity Controls Certification (CCC), refer to the official publications by Saudi Aramco.
