SACS-002 Assessment Questionnaire
Complete our free self-assessment tool to identify compliance gaps and receive tailored remediation steps for Saudi Aramco's SACS-002 third-party cybersecurity requirements.
Why Compliance Matters for Third Parties
Saudi Aramco relies on third parties for critical services. A vulnerability could lead to massive disruptions. The SACS-002 standard mitigates these risks across 23 key areas.
Build Trust
Demonstrate an elite commitment to operational security standards and data integrity directly to Aramco assessors upon review.
Competitive Advantage
Stand out from non-compliant market competitors and immediately unlock $50M+ in protected purchase orders scaling with Saudi Aramco.
Risk Mitigation
Aggressively protect against state-sponsored cyber threats, ransomware branches, and reputational collapse that destroys supply chains.
Key Areas of Focus (TPC-1 to TPC-23)
The questionnaire's technical sections heavily target these primary domains required for CCC approval.
1. Policy and Governance
Requires heavily documented internal policies governing technology use, annual cybersecurity training records for all staff, and explicit data disclosure prohibitions tied to NDAs.
2. Technical Controls
Enforces complex strict password management (90-day rotation, multi-symbol structures), mandatory Multi-Factor Authentication (MFA), and daily anti-virus telemetry updates.
3. Email and Domain Security
Ensures authoritative email domains utilize strict Sender Policy Framework (SPF) records and DKIM keys. Heavily penalizes the use of general domains like Gmail for official communications.
4. Incident & Access Management
Mandates rigorous access controls and logging coupled with a 24-hour notification window directly to Saudi Aramco for credential revocation or active cybersecurity containment incidents.
Ready to Map Your Real Compliance Level?
Completing the automated questionnaire normally occupies less than 5 minutes. Take the test to instantly uncover your architectural blind-spots.
Instant Algorithmic Breakdown
Receive a hyper-detailed technical risk dashboard detailing exactly what you must fix prior to Aramco evaluation.
Included Following Submission
- Clear Actionable Remediation Steps
- Confidential gap analysis delivery
- Free SACS-002 alignment consultation
Start The Engine
Access the official Microsoft Form evaluation module hosted securely on NHR Alemtithal servers.
Launch AssessmentData protected by 256-bit encryption
Frequently Asked Questions
Common questions regarding the SACS-002 preliminary assessment.
Is this assessment fully comprehensive for SACS-002?
Yes. The questionnaire has been professionally engineered to address all 23 primary technical and administrative controls delineated by the Saudi Aramco Cybersecurity Standard, ensuring an accurate preliminary reading of your compliance posture.
How long does the assessment take to execute?
The entire evaluation comprises 24 highly targeted technical questions and can normally be completed safely by a technical manager or IT administrator within 5 to 10 minutes.
Are my assessment results shared with Aramco or third parties?
Absolutely not. Your results are strictly confidential. Data submitted through this portal is algorithmically evaluated solely to generate your private remediation report and is never forwarded to external entities or Saudi Aramco regulatory auditors.
What happens immediately after I submit?
Upon submission, our backend evaluation engine dynamically analyzes your responses. Check your nominated email within 20 minutes to receive an executive snapshot of your compliance level and prioritized remediation instructions.
Is there any commitment required?
No. This is a 100% free tool designed simply to help contractors gauge their current technical operational baseline against SACS-002 thresholds prior to requesting an official Aramco audit.