Ensure compliance with Saudi Aramco cybersecurity standards Saudi Aramco is an important customer for more than 50,000 contractors and suppliers. Swip Tech helps those companies comply with Aramco’s strict SACS-002 cybersecurity standard.
SACS-002 Cybersecurity Standard
The SACS-002 third-party cybersecurity standard sets forth the minimum cybersecurity requirements for companies working with Saudi Aramco. It is designed to protect Aramco from cyberthreats and strengthen the security posture of those partner companies.
Identify
The identification component consists of four parts:
• Asset Management – catalog and classify digital assets
• Governance – establish cybersecurity policies, standards, and staffing
• Risk Assessment – conduct penetration testing for IT infrastructure and websites
• Risk Management Strategy – identify, access, and remediate risks to data and information systems
Protect
Detection consists of two parts:
• Anomalies and Events – describe how technology assets and systems are monitored for unauthorized access or activity
• Continuous Monitoring – include physical security measures, account monitoring, vulnerability scans, and use of non-authorized devices
Detect
Protection consists of four parts:
• Access Control – include issuing passwords and security badges, establish visitor management processes, and define other access to restricted systems and facilities
• Data Security – describe how to secure systems, data, documents, and applications
• Information Protection Processes and Procedures – include disaster recovery and business continuity plans
• Protective Technology – describe how key systems and technologies should be protected, including the use of intrusion detection systems (IDS)
Respond
Response consists of three parts:
• Communications – include an incident management policy and plan
• Analysis – describe the incident response capability and tracking of all cybersecurity incidents
• Mitigation – describe how vulnerabilities should be resolved or mitigated
Comply and Qualify
Swip Tech works with companies to both comply with the SACS-002 cybersecurity standard and qualify for Saudi Aramco’s Cybersecurity Compliance Certificate (CCC).
Comply with the SACS-002 Standard
We will work with you to apply all the required controls in the SACS-002 standard. We will help you coordinate with Aramco until compliance is achieved.
Qualify for CCC
We have worked with dozens of suppliers to apply for Aramco’s CCC. Our experts will help you do everything you need to do to receive your Aramco cybersecurity certificate.
Unblock Blocked Domains
If your company has had its domain blocked by Aramco for being non-compliant with cybersecurity controls, we can help. We will work with you to apply all the required controls in the mandated standard and coordinate with Aramco until compliance is achieved.
Contact us for All Aramco Compliance Issues
If you are a Saudi Aramco supplier and would like to achieve compliance with the SACS-002 standard and receive your cybersecurity compliance certificate (CCC), turn to the compliance experts at Swip Tech.