Aramco SACS-002 | Aramco SACS-002 Compliance


Becoming SACS-002 Compliant is Straight Forward with 4S

At 4S, We partner with our clients to help navigate the SACS-002 audit processes and ensure certification readiness. Let us help you avoid the pitfalls when trying to satisfy the many Aramco requirements.

We will help you coordinate with Aramco for a smooth Acquisition of your Certification.

Partnering with you to achieve SACS-002 compliance
Play Video

WHAT IS THE SACS-002 TPCS?

Third Party Cybersecurity Standard (TPCS) sets forth the minimum Cybersecurity requirements for Saudi Aramco Third Parties to protect Saudi Aramco from possible cyber threats and strengthen Third Parties’ security posture.

SACS-002 & OTHER STANDARDS

SACS is a combination of aspects from different cybersecurity standards, as shown below.  In order to simplify third party efforts for implementing cybersecurity, SACS defines Third Party Controls (TPC) to ensure the major categories of NIST 800-53 are unified into a set of 24 General Requirements or  set of 87 Specific Requirements TPC’s that third parties must comply.  As per NIST Cybersecurity Framework (CSF) the three cybersecurity categories included in SACS-002 are Identify, Protect and Respond.

THE CCC OBJECTIVE

The Cybersecurity Compliance Certification (CCC) program has been introduced to ensure that all third parties obtain a cybersecurity compliance certificate from the authorized audit firm, to confirm their adherence to the cybersecurity requirements, as mandated in the Third Party Cybersecurity Standard (SACS-002), to conduct business with Saudi Aramco.

WHAT IS REQUIRED TO GAIN SACS-002 CERTIFICATION

What your company requires to achieve certification will depend on many varying factors. Your Security status will need to be ascertained before we can advise on how specifically to reach the level required to become certified under SACS-002. An overview of the requirements are provided below:

I. 23 General Requirements

II. 23 + 69 Specific Requirements

Additional specific Cyber Security requirements are defined for a Third Party whom below classes might describe:

  • Network Connectivity: Third Party is provided with network connectivity to Saudi Aramco Corporate Network to access Saudi Aramco intranet services and perform required work. This connectivity is provided through leased lines or through certain VPN solutions such as SSL VPN over private links or site-to-site VPN over the Internet.
  • Outsourced Infrastructure: Third Party is managing, maintaining and/or supporting an infrastructure on behalf of Saudi Aramco.
  • Critical Data Processor: Third Party is developing, accessing and/or processing Saudi Aramco Critical Data.
  • Customized Software: Third Party is developing and/or hosting a customized software, application, website or solution for Saudi Aramco.

You can find the full list for the Updated 2022 SACS-002 Cyber Security Standard Here (sacs-002-third-party-cybersecurity-standard.pdf) [Updated February 2022]

HOW WE HELP OUR CLIENTS

We deliver to our Clients’ an actionable cyber security intelligence relative to their business, showing threats and threat actors interested in harming their business & their clients.

we can support you to take the right precautions to avoid such crises.

OUR SCOPE OF WORK

Phase 1:
  • Compliance Report (Gap Analysis) – Identify the gaps need to be closed in order to meet SACS-002 Standard compliance.
Phase 2:
  • Work on closing the identified gaps, provide any required policies and procedures, centralized policy administration solution, implement training programs and work on all the requirement to be compliance with SACS-002.
Phase 3:
  • Administer and coordinate evidence collection for auditor, Screenshots, videos, emails, etc. Liaise with auditor and build evidence submission report.
4S Cyber Security scope of work methodoloogy

4S PARTNERS WITH YOUR BUSINESS BEYOND CERTIFICATION

Saudi Aramco Logo
Get in touch now to find out how our experts can help your business become certified. You can Rely on 4S. 

Enter your details into the form and we will contact you to discuss how we can help you achieve the security standards required to become SACS-002 Certified;

Our address:
Prince Mohammad corner 2nd Street
P.O. Box 1557, Al-Khobar 31952
Kingdom of Saudi Arabia
Our Office

Clients of 4S

INDUSTRIAL CYBERSECURITY CLIENTS AND END-USERS

 

INDUSTRIAL AUTOMATION CLIENTS

 

REFRACTORY SERVICES AND PRODUCTS CLIENT

SACS-002 COMPLIANCE CLIENTS

 

This website uses Third Party Cookies. You agree to cookies by using this website.