Aramco implements a new stringent 3rd-Party Compliance Programme
KPMG Professional Services in Saudi Arabia has signed an agreement with Aramco, one of the largest energy and chemicals companies in the world, to examine and strengthen the cybersecurity compliance checks across Aramco’s third parties and suppliers.
Aramco has recently implemented the Third-Party Cybersecurity Compliance Certificate (CCC) Programme, a strategic initiative to certify existing and new third parties and suppliers before conducting business.
An MoU was signed by Hossain Alshedoki, Manager of Cybersecurity Advisory and ENR Cybersecurity Sector Lead, KPMG Professional Services, and witnessed by Abdulaziz Alnaim, KPMG Office Managing Partner in the Eastern Province of Saudi Arabia.
“Based on our analysis of minute-by-minute technological disruptions and ever-changing cybersecurity needs, we believe that vital national assets such as Aramco need to be fully protected with state-of-the-art and seamless cybersecurity systems,” remarked Alnaim.
“Third-party risk is a key risk in the area of cybersecurity; managing this risk will improve the cyber posture of organizations who heavily depend on external parties or suppliers,” commented Ton Diemont, Head of Cybersecurity, KPMG Saudi Arabia, Jordan, Iraq and Lebanon.
Issued certificates will be valid for two years. If a supplier is awarded a new contract that involves a cybersecurity classification type that is not covered in the specifications of the valid certificate, a new certificate will need to be obtained and submitted.
The requirements for a new contract with Aramco will depend on the category of a bidder’s cybersecurity classification. If the bidder falls under the standard cybersecurity classification, there is no requirement to apply for a new certificate.