How well does your organization align with Saudi Aramco’s cybersecurity standards?

Saudi Aramco values strong cybersecurity practices among its Third Parties. Our CCC SACS-002 compliance serves as tangible evidence of your organization’s commitment to cybersecurity compliance, enabling you to demonstrate due diligence to Saudi Aramco and build trust as a reliable partner.


The cost of cybercrime is rapidly increasing, necessitating a comprehensive approach involving technology, policy, and education to protect organizations from ransomware attacks. It is crucial to continuously adapt and improve cybersecurity measures to stay ahead of evolving cyber threats.


Cybercrime costs projected to reach $8T in 2023 and rise to $10.5T by 2025


Humanity's data to reach 175 zettabytes by 2025 (175 followed by 21 zeros)


Of the ransom-paying organizations face second-round threats

Secure your Future with CCC SACS-002: Strengthening Cybersecurity for Aramco's Trusted Partners

The CCC SACS-002 is a program that makes sure that all companies that do business with Saudi Aramco have good cybersecurity practices. The program has a set of rules that the companies need to follow to protect their data and systems in the cloud. The rules are based on the SACS-002 standard, which has 197 rules in 17 categories. The program helps Saudi Aramco and its partners to be more secure and avoid cyberattacks.

Ducara offers a comprehensive Aramco Cybersecurity Compliance Certificate (CCC) SACS-002 service that helps companies to meet the cybersecurity requirements of the CCC program and get certified by an authorized audit firm.

Aramco CCC

Key requirements under Aramco CCC

The Aramco SACS-002 Third Party Cybersecurity Standard (CCC) consists of two main sections:

The General Requirements apply to all third parties working with Saudi Aramco, covering areas like cybersecurity policies, incident management, and compliance. It includes 24 controls across 7 sub-clauses.

The Specific Requirements apply based on the classification of third parties, such as network connectivity or cloud service providers. There are four classifications, each with a different set of controls across 10 domains like application security, data security, and risk management. In total, there are 173 controls.

To comply with the CCC SACS-002 standard, third parties must implement the applicable controls and obtain a compliance certificate from an authorized audit firm.

To Whom Does it Apply?

According to the official website of Aramco and the Third-Party Manual, the Aramco CCC SACS-002 program applies to:
  1. Companies that aim to conduct business and register with Saudi Aramco
  2. Companies that have an active procurement agreement with Saudi Aramco
  3. Companies that fall under one or more of the following classifications:
    • General Requirements
    • Outsourced Infrastructure
    • Customized Software
    • Network Connectivity

The program does not apply to:


  1. Companies that provide only physical goods or products to Saudi Aramco
  2. Companies that do not have any access to Saudi Aramco assets or data

Benefits of Aramco CCC

Enhanced cybersecurity measures

Improved reputation and trust

Access to new business opportunities

Recognition within the industry

Effective risk mitigation

Guidance and support throughout the certification process




Ducara boasts a team of highly skilled and experienced professionals in the field of information security. We possess in-depth knowledge of industry best practices, emerging threats, and the latest technologies, ensuring that you receive expert guidance and solutions.
Ducara offers a wide range of information security services tailored to meet your specific needs. From risk assessments and vulnerability management to incident response and compliance consulting, Ducara provides end-to-end solutions to safeguard your organization’s valuable assets.
Ducara has a solid track record of successfully assisting numerous organizations across various industries in enhancing their information security posture. Our proven expertise and satisfied clientele are a testament to our commitment to delivering effective solutions.
We assist in developing and customizing essential documentation, conduct gap analysis, offer templates, and review and validate existing documentation. With Ducara’s expertise, you can ensure your documentation aligns with standards, promotes compliance, and strengthens your information security framework.
Ducara understands that each organization has unique requirements and challenges. We take a customized approach, working closely with you to assess your specific risks, design targeted solutions, and implement measures that align with your business goals.
Information security is an ongoing process, and Ducara is committed to providing continuous support. We offer monitoring services, training programs, and proactive guidance to ensure that your organization remains resilient against evolving threats.
Ducara recognizes the importance of regulatory compliance in information security. We have extensive expertise in various compliance frameworks, such as ISO 27001, GDPR, and HIPAA, helping you navigate complex regulatory landscapes effectively.
Ducara prioritizes client satisfaction and maintains open communication throughout the engagement. We work collaboratively, ensuring that you are involved at every stage and that the solutions provided align with your expectations and requirements.

Empower Your Team with Training and Awareness Programs by Ducara

Ducara offers a range of impressive and impactful training and awareness programs designed to empower your team in the realm of information security. With Ducara’s expertise, you can ensure that your employees are equipped with the knowledge and skills necessary to protect your organization’s valuable assets.


Join forces with Ducara to ensure your business’s security is compliant with the latest cyber security standards. Together, we will safeguard your organization from potential cyber threats and lead the way to unprecedented achievements.


Our Credibility

With ISO 9001:2015, ISO 27001:2022, and ISO 27701:2019, we assure standardized quality and an effective Information Security Management System with a privacy extension, which makes us more reliable and trustworthy in our services and project engagements.