GOtech Receives Saudi Aramco’s Third Party Cybersecurity Compliance Certificate (CCC+)
GOtech is proud to announce that we have officially received Saudi Aramco’s Third Party Cybersecurity Compliance Certificate (CCC+).
The CCC Program was established to ensure all Saudi Aramco third parties are in compliance with the cybersecurity requirements in the Third Party Cybersecurity Standard (SACS-002).
CCC vs. CCC+
The CCC requires the third party to conduct a compliance self-assessment against the scoped controls as detailed in SACS-002, and have the compliance assessment package validated remotely by one of the authorized audit firms. The CCC+ will require one of the authorized firms to conduct onsite assessment of the third party against the scope controls, as detailed in SACS-002. The CCC+ will be required for third parties classified as Network Connectivity or Critical Data Processor, whereas the CCC will be required for the remaining third parties that do not fall under the aforementioned classifications.