The company is stepping up protection of its critical Middle Eastern oil and gas facilities, which have been targets of cyber warfare in the past.
Suppliers including general vendors and those specialising in outsourced infrastructure, customised software, network connectivity and critical data processors need to obtain Saudi Aramco’s cyber security standard certification.
While the financial services sector suffered the most cyber attacks, the Middle East’s oil and gas facilities have also been targeted.
“Third-party risk is a key risk in the area of cyber security, managing this risk will improve the cyber posture of organisations who heavily depend on external parties or suppliers. More organisations should follow the direction which Aramco has taken,” said Ton Diemont, head of cyber security for KPMG Saudi Arabia, Jordan, Iraq and Lebanon.
Certificates issued by KPMG will be valid for two years. However, if a supplier is awarded a contract which has specifications not included in the certificate then a new one will need to be issued.