[01]
Network Connectivity
VPN, leased lines, site-to-site links into the Aramco Corporate Network. Includes secure transport, segmentation, and Aramco-approved configuration.
Urgent
SACS-210 grace period ends 26 August 2026 —
82 days remaining.
Book your gap analysis now.
Book →
FLAGSHIP · ARAMCO READINESS
CCC · CCC+ · Audit-Ready
SACS-210 — full Aramco cybersecurity readiness for third-party vendors.
Full SACS-210 readiness for Saudi Aramco vendors — covers every Aramco third-party segment (Network Connectivity, Outsourced Infrastructure, Critical Data Processing, Cloud Services). CCC & CCC+ preparation, Fortinet hardening, vulnerability scoping, and audit-ready evidence. Dammam, Riyadh, Jeddah.
SACS-210 scope
Four segments. Full coverage.
Every Aramco third-party vendor falls under one or more SACS-210 segments. Skyline covers all four.
[02]
Outsourced Infrastructure
Third-party managed servers, storage, virtualization, networking, or co-location supporting Aramco operations.
[03]
Critical Data Processing
Processing, transmission, or storage of Aramco data — financial, operational, project, or personnel records.
[04]
Cloud Services
IaaS, PaaS, SaaS that store, process, or transmit Aramco-classified data. Includes cloud-native cybersecurity controls.
Delivery methodology
6 stages — gap analysis to AAF certification.
1
Gap Analysis (5 Days)
2
Governance Implementation (2 Weeks)
3
Technical Control Rollout (4-6 Weeks)
4
Testing & Validation (1 Week)
5
Audit Evidence Packaging (1 Week)
6
AAF Audit & Certification (2-3 Weeks)
Sub-services included
8 technical services in one contract.
SACS-210 Gap Analysis
5-day assessment to scope and identify missing controls
Fortinet FortiGate Configuration
NGFW hardening, VDOM segmentation, policies, IPS/AV
OT/IT Network Segmentation
Industrial DMZ, inter-zone firewalls, ICS monitoring
Privileged Access Management (PAM)
CyberArk, BeyondTrust, Delinea — session recording
SIEM Deployment
Splunk, QRadar, Sentinel, FortiSIEM — 12-month retention
Annual Penetration Testing
Network, web app, social engineering, OWASP, NIST SP 800-115
Audit Evidence Packaging
120+ artifacts, data room, AAF interview coaching
Annual Compliance Maintenance
SOC monitoring, scans, training, certificate renewal
Team certifications
Licensed against the global standards.
Every engineer on the delivery team carries globally-recognised certifications.
Fortinet NSE 7 Network Security Architect
Fortinet NSE 8 Network Security Expert
Palo Alto PCNSE (PAN-OS 11)
ISACA CISA (Certified Information Systems Auditor)
ISACA CISM (Certified Information Security Manager)
(ISC)² CISSP (Certified Information Systems Security Professional)
Offensive Security OSCP
ISO/IEC 27001:2022 Lead Implementer & Lead Auditor
SAMA Cyber Security Framework Specialist
NCA ECC-1:2018 Authorized Consultant
Recent case studies
CCC
CCC
CCC
Aramco contractors certified with us.
CCC+ for Aramco Pipeline Maintenance Contractor
Aramco-approved pipeline maintenance contractor facing contract renewal in August 2026 — failed 14 of 85 controls in initial SACS-210 assessment.
→ CCC+ certificate achieved on first attempt in 11 weeks, preserved a SAR 45M contract, 92% drop in unauthorized access attempts within 6 months post-deployment.
CCC for Aramco Technical Consulting SaaS Vendor
Cloud platform vendor hosting sensitive Aramco project data — had zero compliance posture before SACS-210 engagement.
→ Remote CCC certification in 7 weeks, retained market position with 4 major Aramco contractors, won 2 new SABIC clients on the back of the same compliance package.
CCC+ for Jubail-based EPC Firm
Broad-scope EPC firm (construction, project management, engineering design, in-house software) fell under all four SACS-210 segments simultaneously.
→ CCC+ certification in 16 weeks (after 4-day on-site audit), preserved 7 Aramco contracts worth SAR 280M, became eligible for Aramco Digital and NEOM tenders.
FAQ
Answers to Aramco procurement teams' questions.
What is SACS-210 and who does it apply to?
SACS-210 is Saudi Aramco's new Third Party Cybersecurity Standard (succeeding SACS-002). It applies to every contractor, supplier, subcontractor, and service provider that connects to Aramco networks, manages Aramco infrastructure, processes Aramco data, or hosts it in the cloud. Critical date: 26 August 2026 grace period expiry.
What is the difference between CCC and CCC+?
CCC = self-assessment validated remotely by an Aramco Authorized Audit Firm (AAF). Suitable for low-risk contractors with limited Aramco data access. CCC+ = full on-site audit at contractor premises by an AAF, required for high-risk contractors (broad network access, sensitive data processing, cloud hosting). Aramco determines required level based on contract scope.
How long does SACS-210 certification take?
At SKYLINE, typical timeline is 12 weeks for CCC+ (more demanding) and 8 weeks for CCC. Starts with a 5-day gap analysis, followed by control implementation, evidence packaging, and audit. We recommend engaging at least 4 months before your Aramco contract renewal date to avoid tender ineligibility.
How much does SACS-210 readiness cost?
Cost varies by scope and organization size. Basic CCC engagement for small firms starts from SAR 85,000. CCC+ engagement for a mid-size EPC typically ranges from SAR 350,000 to SAR 650,000 including Fortinet, EDR, and SIEM licences. We provide a free scoping consultation and fixed-price quote after scope definition. Reality check: losing a SAR 20M+ Aramco contract = no comparison.
Does SACS-210 cover one segment or multiple?
Most contractors fall under multiple segments simultaneously. Example: an EPC contractor with VPN to Aramco + processes sensitive drawings + uses shared SaaS = falls under 3 segments (Network Connectivity + Critical Data Processing + Cloud Services). Contractor must comply with requirements of every applicable segment. Our initial assessment accurately identifies all applicable segments upfront.
What if I fail to certify before 26 August 2026?
After the grace period expires, existing Aramco contracts will not renew and new tenders will exclude any contractor without a valid certificate. Aramco is explicit: no certificate = no contract. Potential losses include: existing contract non-renewal, tender disqualification, reputation damage, competitive loss to certified contractors. Start today to guarantee certification before the deadline.
Are you Aramco-approved to deliver SACS-210 services?
SKYLINE is an Aramco-approved contractor (vendor number available on request) and a Fortinet Expert-level partner. We do not act as the Authorized Audit Firm (AAF) — that would be a conflict of interest. We deliver readiness services and then hand you to an independent AAF (we have working relationships with 5 AAFs). This separation preserves audit integrity and is accepted by all our clients.
Do your services cover contractors in Riyadh and Jeddah in addition to Dammam?
Yes. HQ in Dammam, regional office in Riyadh, and field coverage for Jeddah. The Riyadh team serves Aramco contractors managing contracts from the capital and provides NCA / SAMA coverage for multi-sector clients. The Jeddah team focuses on Red Sea, Yanbu, and Rabigh contractors. On-site response within 24 hours to any location in the Kingdom.
Deadline · 26 August 2026 · 82 days remaining
Don't lose tender eligibility.
Gap analysis in 5 days. Scoped proposal + pricing inside 72 hours. Field engineers in Dammam, Riyadh, Jeddah.
From the Knowledge Base
Related Cybersecurity guides
Cybersecurity
فهم SPF و DKIM و DMARC لبريدك الإلكتروني
SPF و DKIM و DMARC هي السجلات الثلاثة التي تمنع المحتالين من انتحال نطاقك وتُبقي بريدك بعيداً عن مجلد الرسائل غير المرغوبة. إليك ما يفعله كل...
4 min read
Read →
Cybersecurity
Understanding SPF, DKIM and DMARC for your email
SPF, DKIM and DMARC are the three records that stop scammers from spoofing your domain and keep your mail out of spam. Here is what each doe...
5 min read
Read →
Cybersecurity
الأمن السيبراني والامتثال لقطاع تقنية نيوم في المملكة العربية السعودية (2026)
كيف يجب أن يصمم مشغلو قطاع تقنية نيوم في المملكة ضوابط الأمن السيبراني وفق NCA ECC والمنظمين القطاعيين وأنماط التهديدات الخاصة بالقطاع.
8 min read
Read →