Veritas Global - Dubai
CBD, International City Dubai,
United Arab Emirates.
Veritas Global - Sharjah
SAIF Executive Office P8-12-50,
P.O.Box 123371,
Sharjah - U.A.E.

Background

UAE DESC CSP Certification in Dubai-UAE

Dubai Electronic Security Centre (DESC) - Cloud Service Provider (CSP)

In 2014, the Dubai Electronic Security Centre (DESC) was founded in the United Arab Emirates (UAE) with the aim of developing and executing information security policies across the Emirate of Dubai. DESC introduced the Cloud Service Provider (CSP) Security Standard, which provides guidelines and recommendations for CSPs and organizations that utilize cloud services. Compliance with these standards is a requirement for all CSPs that wish to offer cloud services to governmental and semi-governmental bodies in Dubai.

The CSP Security Standard is based on the following benchmarks:
  • ISO/IEC 27001:2013
  • ISO/IEC 27002:2013
  • ISO/IEC 27017:2015
  • The Information Security Regulation (ISR) 2017 set by the Dubai Government
  • Cloud Controls Matrix (CCM) 3.0.1 from the Cloud Security Alliance (CSA)

The CSP Security Standard outlines the compulsory criteria for CSPs delivering services to Dubai's government and semi-government organizations. Additionally, it provides recommendations for clients of these CSPs. Entities within the Dubai government and semi-government sectors are obligated to ensure that their chosen CSP meets these requirements.

During the formulation of the CSP Security Standard, DESC aimed to closely align with established international standards to facilitate the certification process. Consequently, if a CSP holds a certification for ISO/IEC 27001:2013, there would be no need for a subsequent audit on this section of the CSP Security Standard; the existing ISO/IEC 27001:2013 certification would be accepted. This principle applies similarly to other accepted standards that underpin the CSP Security Standard. For example, a CSP certified at CSA STAR Level 2 would not require an additional audit for recognition.

To simplify this procedure, DESC has published a list of standards for certification bodies that seek DESC accreditation to certify against the CSP Security Standard. A DESC-approved certification body can then confirm the validity of a CSP's existing certifications and report the findings to DESC. After completing all necessary actions, the certification body should inform DESC whether certification is appropriate. The certification body may need to perform an additional audit, which could include a mandatory physical inspection of data center facilities stipulated by DESC.