All Posts
Aramco Cybersecurity Compliance 84 Views 2 min read

Aramco’s TPC-1: Your Guide to Crafting a Robust Cybersecurity AUP

Last Updated March 7, 2026
Aramco's TPC-1: Your Guide to Cybersecurity AUP

Aramco’s cybersecurity standards, outlined in SACS-002 Third Party Cybersecurity Standard, aim to protect sensitive data and ensure secure connectivity. One crucial control is TPC-1 , which mandates the establishment of a comprehensive Cybersecurity Acceptable Use Policy (AUP).

Why Is an AUP Important?

An AUP is critical for:

  • Establishing clear guidelines on technology asset usage.
  • Ensuring compliance with Aramco’s cybersecurity requirements.
  • Protecting sensitive data and minimizing security risks.

Crafting Your Cybersecurity Acceptable Use Policy

To comply with TPC-1, your AUP should include the following elements:

1. Purpose and Scope

  • Clearly state the purpose of the AUP.
  • Define its scope, including who it applies to and what types of assets are covered.

2. Policy Statement

  • Describe your organization’s commitment to cybersecurity.
  • Outline the expectations for employees regarding technology asset usage.

3. Roles and Responsibilities

  • Define roles and responsibilities related to AUP enforcement and compliance.

4. Acceptable Use

  • Detail permitted uses of technology assets, such as:
    • Work-related tasks
    • Limited personal use (if allowed)
    • Prohibited activities, like accessing inappropriate content or engaging in illegal activities

5. Unacceptable Use

  • Clearly outline what constitutes unacceptable use of technology assets.

6. Enforcement and Consequences

  • Describe how policy violations will be detected, investigated, and addressed.
  • Outline the consequences for non-compliance, which may include disciplinary actions or termination.

Implementing Your AUP

Once you’ve crafted your AUP:

  1. Obtain approval from management.
  2. Communicate the policy to all relevant employees.
  3. Provide training on the AUP to ensure understanding and compliance.
  4. Regularly review and update the policy as needed.

Need Assistance with TPC-1 Compliance?

At NHR Alemtithal for IT, we specialize in helping organizations comply with Aramco’s cybersecurity controls. Our Aramco All-in-One Compliance Kit service ensures you meet all requirements, including TPC-1.

Contact us today:

Share this article:
Fast-Track Your Compliance

Need help with Aramco CCC Certification?

Get a Free Expert Consultation.

Aramco Kit
Ali Aljubaily

Ali Aljubaily

Cybersecurity Consultant

I am Ali Yousef, a certified engineer from Microsoft, holding the Microsoft Certified System Associate certification as well as the CompTIA Network+ certification. I work as the Group IT Manager.

Latest

Explore Our Blog Posts

Discover insightful articles on cybersecurity and more.

Aramco Third-Party Cybersecurity (TPCS) 2026 Assessment Questionnaire
Aramco Cybersecurity Compliance 31 Views 4 min read

Aramco TPCS 2026: Is Your Organization Ready for Third-Party Cybersecurity Compliance?

Evaluate your Aramco Third-Party Cybersecurity compliance with our free 2026 TPCS questionnaire. Get instant remediation steps. No commitment. Saudi-focused.
Read more
Aramco Cybersecurity Compliance - Email Compliance Guide
Aramco Cybersecurity Compliance 46 Views 11 min read

Pass the TPCS Email Audit with Exchange Online and Defender for Office 365

Achieve TPCS email security compliance using Exchange Online and Defender for Office 365. A step-by-step guide for Vendors seeking Aramco...
Read more
Access Control SACS-210 compliance guide for IT Managers TPC1.9 TPC1.12
Aramco Cybersecurity Compliance 61 Views 8 min read

What Is Access Control in SACS-210? An IT Manager’s Guide

Wondering what is access control for SACS-210? Eliminate guesswork and get auditor-ready templates to enforce MFA, RBAC, and secure corporate...
Read more

Our Certified Expertise and Technology Partnerships

We are certified partners with the world's leading cybersecurity vendors to deliver best-in-class solutions.

Microsoft
Microsoft
Certified Partner
Bitdefender
Bitdefender
Gold Partner
Fortinet
Fortinet
Authorized Partner
Acronis
Acronis
Certified Partner

Ready to Secure Your Business?

Our cybersecurity experts are here to help you achieve compliance and protect your digital assets with our 100% remote implementation model. Achieving compliance requires zero on-site field visits or internal IT hours. Contact us for a free, no-obligation assessment of your cybersecurity needs. We are committed to a 2-hour response time for all inquiries during business hours.

Get In Touch Call +966 55 653 8840
2-hour response time
Free consultation
Certified experts