Renewal of Saudi Aramco CCC+ Certification — First Attempt Completion
Renewed Saudi Aramco CCC+ certification on the first attempt — compliance across 56 controls without an in-house IT team.
The Challenge
First CCC+ acquisition in 2023 took 3–4 months to complete.
No internal IT or cybersecurity team.
Risk of Saudi Aramco invoices not being cleared if certification was not renewed.
Our Solution
- Conducted gap assessment against SACS-002 requirements.
- Redeployed cybersecurity controls on new and old devices to ensure compliance with new requirements.
- Prepared the technical and documentation audit package.
- Managed full communication with the auditor — submission, site visit coordination, and observation responses.
Implementation Approach
Arselor's delivery team executed this engagement in tightly scoped phases — discovery, gap assessment, deployment, validation, and handover — with weekly checkpoints and direct stakeholder communication throughout.
Services & Technologies
Results & Business Impact
- ✓ CCC+ renewal completed within 4 weeks
- ✓ Compliance achieved across 56 controls (Critical Data Processor classification)
- ✓ Installation and configuration of Blancco File Erasure
"When we acquired the CCC+ certification back in 2023, it took us months. We searched for a different implementer and reached out to Arselor based on a recommendation that praised their swift and clear execution. Finishing the compliance within weeks and even handling auditor communication was such a relief — it cemented our confidence in trusting Arselor."
Roger Sarmiento
IT Administrator · Jeal AlMustaqbal Investment Co.
Ready to achieve similar results?
Let's talk about how Arselor can help your organization deliver outcomes like these.