10xDS Cybersecurity Compliance Certificate (CCC) Program helps Saudi Aramco third-party vendors and direct suppliers become Audit Ready

Saudi Aramco, one of the largest energy and chemicals companies in the world, has made it mandatory to all its third-party vendors and direct suppliers to produce a Cybersecurity Compliance Certificate (CCC) from an authorised audit firm before conducting business with them. This program was introduced to ensure that all their third-party vendors and suppliers are adhering to the cybersecurity requirements mandated by their Third-Party Cybersecurity Standard (TPCS).

The CCC program is applicable to all third parties. Additional specific cybersecurity requirements are defined for parties providing Network Connectivity, Outsourced Infrastructure, Critical Data Processor and Customized Software. By implementing the CCC Program, Aramco aims to minimize cyber risks and strengthen Third parties’ security posture which has been a major threat over the years for the company. The authorized firms recognized by Aramco include Baker Tilly, BDO, Crowe, Deloitte, Grant Thornton, KPMG, RSM and STC Solution. The issued certificate from these firms will be valid for two years.

10xDS Cybersecurity Compliance Certificate Program enables third-party organizations to obtain Cybersecurity Compliance Certificate (CCC) from Saudi Aramco authorized audit firms. Through the CCC program 10xDS helps organizations to develop Information and Cybersecurity Framework, formulate policies and procedures, conduct Information Security Awareness Trainings, perform pre-audits, and other aspects to become audit-ready.