Aramco Cybersecurity Compliance Certification (CCC)

The Cybersecurity Compliance Certification (CCC) Program was established to ensure all Saudi Aramco third parties are in compliance with the cybersecurity requirements within the Third Party Cybersecurity Standard (SACS-002). All organizations providing services to Saudi Aramco must comply with the requirements and obtain the CCC certification. The certification has two versions which are to be complied by 1) Organizations providing services to Saudi Aramco (Cybersecurity Compliance Certificate-CCC) and 2) Organizations providing Network Connectivity and Data Processing Services to Saudi Aramco (Cybersecurity Compliance Certificate Plus- CCC+).

For organizations requiring CCC and CCC+ based on the classification, then only CCC+ is necessary.

Our approach follows the regulation’s needs with the addition of information security requirements necessary for the organisation that complement the CCC regulation. Sysprove has extensive experience in defining cybersecurity programs based on NIST CSF, SABSA, ISO 27001, HIPAA, GDPR, PDPL, FISMA, SOC2, and CIS.

Our Methodology

Understand the context of the organisation & services provided

Perform a gap analysis against the CCC controls.

Create a plan to close the gaps

Implement the plan by creating the required documentation, including policies, procedures, SOPs (Standard Operating Procedures).

Handhold the organisation in the implementation process

Perform an internal audit against the implemented controls to ensure compliance

Support closing of findings

For details on the Saudi Aramco Cybersecurity Controls  Certification (CCC) refer to the official publications by Saudi Aramco.

Previous Next
Test Caption
Test Description goes like this