Free Compliance Assessment

SACS-002 Assessment Questionnaire

Complete our free self-assessment tool to identify compliance gaps and receive tailored remediation steps for Saudi Aramco's SACS-002 third-party cybersecurity requirements. 5 minutes • Instant report • No signup required

200+ Businesses Assessed
Covers All 23 TPC Controls
Instant Results

Content reviewed by Ali Yousef, Founder & Certified Security Consultant (OSCP, CEH) • Updated March 2026


How the Assessment Works

Our streamlined process helps you identify compliance gaps quickly and efficiently.

1. Gather Your Team

Involve IT, HR, and compliance stakeholders to ensure accurate responses.

2. Answer Questions

Respond Yes/No to 23 questions covering all SACS-002 TPC controls.

3. Get Instant Report

Receive immediate gap analysis with prioritized remediation steps.

4. Take Action

Use the report to plan remediation or request expert consultation.

Why Cybersecurity Compliance Matters for Third Parties

Saudi Aramco, like many global enterprises, relies on third parties for critical services. A single vulnerability in a vendor's cybersecurity posture could lead to data breaches, operational disruptions, or reputational damage. The SACS-002 standard mitigates these risks by mandating robust controls across 23 key areas (TPC-1 to TPC-23).

Build Trust

Demonstrate commitment to security standards

Competitive Advantage

Stand out from non-compliant competitors

Risk Mitigation

Protect against cyber threats and breaches

What is the SACS-002 Assessment Questionnaire?

This automated tool provides third parties with an initial gap analysis against SACS-002 requirements. By answering "Yes" or "No" to structured questions, organizations can identify weaknesses and receive tailored remediation steps.

Comprehensive Scope

Covers policies, technical controls, training, and incident management.

Efficient Process

Delivers a rapid overview of compliance gaps without formal audits.

Actionable Insights

Generates a report with prioritized remediation actions.

Important Note

The tool is not a substitute for official certification (e.g., the Cybersecurity Compliance Certificate, or CCC). Instead, it serves as a starting point for organizations to prepare for deeper audits.

Key Areas of Focus in the Questionnaire

The questionnaire's 23 sections address critical cybersecurity domains. Here are highlights:

1. Policy and Governance

(TPC-1, TPC-7, TPC-9)

Acceptable Use Policies (AUP)

Requires documented policies governing technology use, regular updates, and employee training.

Annual Cybersecurity Training

Mandates yearly training on phishing, password security, and data protection, with records maintained.

Data Disclosure Prohibitions

Explicitly bans sharing Saudi Aramco data via unauthorized channels.

2. Technical Controls

(TPC-2, TPC-4, TPC-5, TPC-12)

Password Management

Enforces complex passwords (8+ characters with special symbols), 90-day rotation, and account lockouts after 10 failed attempts.

Multi-Factor Authentication (MFA)

Mandates MFA for remote access and cloud services (e.g., Microsoft 365, AWS).

Anti-Virus Protections

Requires daily updates and biweekly full scans across all endpoints.

3. Email and Domain Security

(TPC-13, TPC-14, TPC-17)

SPF Records

Ensures email domains use Sender Policy Framework (SPF) to combat spoofing.

Private Email Domains

Prohibits generic domains (e.g., Gmail) for official communications.

4. Incident and Access Management

(TPC-6, TPC-18, TPC-23)

Access Revocation

Requires notifying Saudi Aramco within 24 hours when employees with Aramco credentials leave.

Off-boarding Procedures

Formal processes for asset return and access removal.

Incident Response

Mandates a 24-hour notification window to Saudi Aramco for cybersecurity incidents.

Limitations and Considerations

Self-Reported Data

Results depend on truthful responses; technical validation may still be needed.

Complementary Tool

The questionnaire is a preliminary step, not a formal audit.

Data Privacy

NHR Alemtithal processes responses solely for generating reports, as per our disclaimer.

What Businesses Say About Our Assessment

Real feedback from organizations that used our free assessment tool.

Compliance Manager
Logistics Company

"The assessment helped us identify 8 critical gaps we didn't know existed. The remediation steps were clear and actionable. We achieved CCC certification within 2 months."

IT Director
Construction Contractor

"Free, fast, and incredibly useful. The assessment gave us a clear roadmap for compliance. NHR's team then helped us implement the recommendations efficiently."

Conclusion: Proactive Compliance Pays Off

The SACS-002 Assessment Questionnaire is more than a checklist—it's a roadmap to stronger cybersecurity practices. By addressing gaps early, third parties can avoid costly breaches, streamline certification processes, and demonstrate their commitment to safeguarding Saudi Aramco's assets.

Ready to start?

Complete the questionnaire and take the first step toward SACS-002 alignment.


For further assistance, explore NHR Alemtithal's cybersecurity services to bridge gaps and secure your partnership with Saudi Aramco.

Related SACS-002 Resources

Download our free resources to support your compliance journey.

SACS-002 Audit Checklist

Comprehensive checklist covering all 23 TPC controls.


SACS-002 Standard

Complete official SACS-002 standard document.


Authorized Audit Firms

Official list of Aramco-approved audit firms.


Frequently Asked Questions

Get answers to common questions about the SACS-002 Assessment Questionnaire.

The SACS-002 Assessment Questionnaire is a free self-assessment tool that helps third-party vendors identify compliance gaps against Saudi Aramco's SACS-002 Third Party Cybersecurity Standard. It covers all 23 TPC controls and provides instant remediation recommendations.

The assessment takes approximately 5 minutes to complete. You'll answer Yes/No questions covering all 23 TPC controls and receive an instant report with prioritized remediation steps.

No. This tool is a preliminary gap analysis to help you prepare for official certification. The CCC (Cybersecurity Compliance Certificate) requires a formal audit by an Aramco-authorized audit firm.

No signup required. The assessment is completely free and accessible immediately. You can download your report without creating an account.

You'll receive an instant report showing your compliance score, identified gaps, and prioritized remediation steps. You can then choose to implement the recommendations yourself or engage NHR Alemtithal for expert support.

Start Your SACS-002 Compliance Journey

Take the first step toward securing your partnership with Saudi Aramco. Complete our free assessment questionnaire and get personalized recommendations.
