Saudi Aramco SuppliersSACS-002 · Third Party Cybersecurity Standard

SACS-002 Compliance,
Automated

The only compliance platform built specifically for Saudi Aramco's Third Party Cybersecurity Standard. All 24 TPC controls checked automatically — get CCC audit-ready in days, not months.

Request a Proposal →See how it works →

24 automated controls

2-year renewal ready

CCC audit-ready reports

Who it applies to

Does your company work with Saudi Aramco?

If yes, SACS-002 is mandatory. No exceptions.

General Suppliers

24 controls (Section A)

CCC certification

Outsourced Infrastructure

Additional controls

CCC certification

Customized Software

Additional controls

CCC certification

Network Connectivity

All controls

CCC+ (on-site audit)

Critical Data Processors

All controls

CCC+ certification

⚠️ Aramco requires CCC renewal every 2 years. Suppliers without valid certification cannot do business with Aramco.

Controls

24 SACS-002 controls. Automated.

NetGuard maps your AWS, Okta, and firewall configurations directly to each TPC control.

Govern

TPC-01Policy documented✅

TPC-02Roles defined✅

TPC-03Annual awareness training✅

Identify

TPC-04Asset inventory✅

TPC-05Unique user accounts✅

Protect

TPC-07MFA cloud via Okta✅

TPC-08PAM✅

TPC-09Access revoked 24h via Okta✅

TPC-10Password complexity✅

TPC-12Encryption (AWS)✅

TPC-14Antivirus/EDR (GuardDuty)✅

TPC-15Patching✅

TPC-16Firewalls (Palo Alto/Meraki)✅

TPC-17Network segmentation✅

TPC-18Secure remote access✅

TPC-19SPF record✅

TPC-20Vulnerability assessments✅

Detect

TPC-22Endpoint firewall✅

Respond

TPC-23Incident notification✅

TPC-24IR plan tested✅

Manual (requires auditor)

TPC-06No shared credentials📋

TPC-11Data classification📋

TPC-13Data sanitization📋

TPC-21CCC from authorized auditor📋

✅ Automated by NetGuard📋 Requires authorized CCC auditor

How it works

From setup to CCC-ready
in 3 steps

🔌

Connect integrations

Connect AWS, Okta, and Palo Alto/Meraki in under 30 minutes. Read-only access — NetGuard never modifies your infrastructure.

⚡

Run SACS-002 scan

NetGuard checks all 24 TPC controls automatically — mapping your configurations to each control with timestamped evidence.

📄

Download CCC audit package

Export your complete evidence package mapped to each TPC control. Your authorized CCC auditor gets everything they need, organized.

Comparison

Manual SACS-002 vs NetGuard

	Manual	NetGuard
Time to audit-ready	3–6 months	Days
Consultant cost	$15,000–50,000	$0
Evidence collection	Manual screenshots	Automated
Continuous monitoring	❌	✅
Renewal preparation	Starts from scratch	Always ready
Monthly cost	$5,000–15,000	$599

FAQ

Common questions

What is SACS-002?▾

Saudi Aramco's Third Party Cybersecurity Standard — mandatory for all companies doing business with Aramco.

What is a CCC certificate?▾

Cybersecurity Compliance Certificate — issued by an Aramco-authorized audit firm after verifying SACS-002 compliance. Valid for 2 years.

Does NetGuard issue the CCC?▾

No — the certificate is issued by an Aramco-authorized audit firm. NetGuard automates evidence collection to get you audit-ready faster and cheaper.

How long does SACS-002 take with NetGuard?▾

Most customers connect integrations and run their first SACS-002 scan within 30 minutes. Full audit-ready evidence packages are generated automatically.

Which integrations does NetGuard use for SACS-002?▾

AWS (encryption, patching, GuardDuty), Okta (MFA, access control), Palo Alto/Meraki (firewall, segmentation), GitHub/GitLab (secure development).

Ready to automate your SACS-002 compliance?

Connect integrations in 30 minutes. Full CCC audit package generated automatically.

Request a Proposal →

14-day free trial · No credit card · Cancel anytime

Also supports NCA ECC 2-2024 for Saudi government entities.

SACS-002 Compliance,Automated