CCC next steps announced by Saudi Aramco

Saudi Aramco, one of the largest energy and chemicals companies in the world, had made it mandatory to all its third-party vendors and direct suppliers to produce a Cybersecurity Compliance Certificate (CCC) from an authorised audit firm before conducting business with them. This program was introduced to ensure that all their third-party vendors and suppliers are adhering to the cybersecurity requirements mandated by their Third-Party Cybersecurity Standard (TPCS). They have now announced that any delay in submitting the CCC could result in disabling Supplier’s domain and email communication with Saudi Aramco and Supplier’s access to Saudi Aramco systems. Those who have already obtained CCC need to submit it through the Saudi Aramco e-Marketplace (SAP Ariba) by updating section 23 (cybersecurity requirement) of the registration questionnaire. 10xDS Cybersecurity Compliance Certificate Program enables third-party organizations to obtain Cybersecurity Compliance Certificate (CCC) from Saudi Aramco authorized audit firms.