SACS-002 Cybersecurity Standard
The official standard for Saudi Aramco CCC certification
Standard Overview
Our download provides the complete and official SACS-002 Third Party Cybersecurity Standard. This document outlines the minimum cybersecurity controls required by Saudi Aramco for all contractors and suppliers.
What's Included
-
The Complete SACS-002 Standard: The full 26-page document outlining all cybersecurity requirements.
-
General & Specific Controls: Details on the mandatory General Requirements and additional controls for different vendor types.
-
Incident Response Instructions: The official appendix detailing Aramco's mandatory incident reporting protocol.
-
Auditing Event Requirements: The official appendix listing all system events that must be logged for compliance.
Official Compliance Document
The official standard published by Saudi Aramco, essential for any organization pursuing CCC certification.
Key Sections in the Standard
Comprehensive coverage of all cybersecurity areas required for Aramco CCC certification.
General Requirements (Section A)
The 23 mandatory controls for all third parties, covering Governance, Access Control, Data Security, and more.
Specific Requirements (Section B)
Additional controls for vendors with network connectivity, those processing critical data, or providing cloud services.
Appendix A - Incident Response
Detailed, step-by-step Cybersecurity Incident Response Instructions that must be followed.
Appendix C - Audit Events
A complete list of all system and security events that must be capable of being audited.
Ready for Your SACS-002 Audit?
Download the official SACS-002 standard and get expert guidance from our certified compliance professionals.