ARAMCO CCC
Third Party Cybersecurity Compliance Certificate
The Third Party Cybersecurity Compliance Certificate, known as Aramco CCC, Program was established by Saudi Aramco for all Saudi Aramco third parties contractors to ensure compliance with the cybersecurity requirements and controls in the Third Party Cybersecurity Standard (SACS-002).
How to get certified
TO PROCESS YOUR ARAMCO CCC ALONG WITH KITE
- For new companies registering with Saudi Aramco procurement and contracting departments: The company must implement all requirements under “A. General Requirements” section in Third Party Cybersecurity Standard (SACS-002).
- For existing companies that have an active procurement or contracting agreement with Saudi Aramco:
- Inform all focal points within Saudi Aramco that your organization has ongoing compliance to fulfil the Third Party Classification.
- File the Third Party Classification Confirmation Letter.
- If your organization fall under more than one classification, then all the cybersecurity controls under the determined classifications are required.
- KITE help in selecting an Authorized Audit Firm
- KITE will help you select the proper auditor for your business based on your type of business, budget, urgency and customer experience with a particular firm
- Compliance Verification & Issuance
- KITE will handle all the necessary paper work, documents and required templates end to end to ensure smooth certificate issuing
- Submit issued CCC
- Your origination will need to submit the issued Third Party Cybersecurity Compliance Certificate and the Cybersecurity Compliance Report by the Authorized Audit Firm to Saudi Aramco through the official Aramco vendor portal.
- CCC Validity & Renewal
- The certificate is valid for 2 years. KITE team will be in contact with you 6 months in advance before expiration to ensure smooth renewal and meeting Aramco certificate compliances and controls.