KSA - ARAMCO
Cybersecurity Compliance Certification (CCC), Plus

Third Party Cybersecurity Compliance Certificate
The CCC Program is to ensure third party compliance with cybersecurity requirements.

The CCC Program was established to ensure all Saudi Aramco third parties are in compliance with the cybersecurity requirements in the Third Party Cybersecurity Standard (SACS-002).

How to get certified

Perform the following steps to obtain Saudi Aramco Cybersecurity Compliance Certificate (CCC):
1. Certification Requirements Preparation

1.1. For companies that aims to conduct business and register with Saudi Aramco: The company must comply with all controls under “A. General Requirements” section in Third Party Cybersecurity Standard (SACS-002).
1.2. For companies that have an active procurement agreement with Saudi Aramco:
        1.2.1. Initiate a request to all proponent organizations within Saudi Aramco that your company has ongoing business with to fill the Third Party Classification Template.
        1.2.2. Fill the Third Party Classification Confirmation Letter.
        1.2.3. If the company fall under more than one classification, then all the cybersecurity controls under the determined classifications are required.
1.3. Identify applicable certificate type and assessment