Established as an initiative to increase transparency in the implementation of security practices for cloud service providers worldwide, the program constitutes the right mix of cloud service controls capable of evaluating cloud services according to the standards PCI DSS, ISO27001, NIST SP800-53, COBIT, HIPPA, and other international standards. 

Who does it apply to?

The cybersecurity controls for cloud computing have been prepared to be appropriate to the cybersecurity requirements of service providers and subscribers, with the diversity of the nature of their work and the diversity of their sizes, within the scope of work, and include:
– Any governmental entity inside or outside the Kingdom of Saudi Arabia (including ministries, agencies, institutions, etc.).
– Government agencies and companies.
– Service providers that provide cloud computing services to Saudi entities outside the Kingdom.
– Private sector entities that own, operate or host sensitive national infrastructure.
– Any other interested company that wishes to adapt to these controls

What is its purpose?

  • The controls mentioned in 2020: 1-CCC are in line with several global standards related to cybersecurity and cloud computing, such as: IEC/ISO 27001, CCM Controls, C5, and other international standards. 
  • Cloud computing cybersecurity controls are an extension of the essential cybersecurity controls ECC. 
  • These controls pay close attention to the main themes of cybersecurity (strategy, people, processes and technology). 
  • These controls focus on cloud computing services from the perspective of service providers and customes. 

What does it consist of?

As a cloud service provider, when you implement and comply with CCC-1-2020 regulations you gain a good reputation and take advantage of serving as a service provider for government agencies.
Raising the readiness of facilities against potential cyber risks.
It helps to comply with international regulatory standards, since these controls are aligned with other relevant international standards.
Ensures the management of cybersecurity risks and the protection of information and technical assets of service providers and subscribers.
Ensures the protection of data and information of cloud service providers and beneficiaries.
Timely detection of vulnerabilities, and effective treatment of them; This is to prevent or reduce the potential for these vulnerabilities to be exploited by cyber-attacks, as well as to minimize the business implications for service providers and customers.

How long does it take to implement the Cybersecurity Controls for Cloud Computing (CCC) in an organization?

It depends on the size of the organization, the field in which it operates, the number of employees, the state of the current policies implemented, and the number and type of ICT components within its infrastructure. Some organizations can roll out the  Cybersecurity Controls for Cloud Computing (CCC) in a few weeks, others may require months or years. If you are interested in implementing Cybersecurity Controls for Cloud Computing in your organization, contact us to schedule a gap analysis audit and get a better assessment of the lead time and the costs.

Clients and Partners