Three schemes, one standard of assurance
DESC certifies the providers Dubai government entities depend on — across cloud hosting, security operations, and offensive-security services. Each scheme is audited by its accredited authority; the platform then keeps assurance live between those audits.
Compare the schemes
| CSP Standard | SOC Standard | Dubai Cyber Force | |
|---|---|---|---|
| Who it's for | Cloud service providers | SOC / managed-detection providers | Pen-test & incident-response firms and individuals |
| Must be held by | CSPs serving Dubai government & semi-government | SOC providers serving Dubai government | Firms & testers in the Dubai Cyber Force scheme |
| Formal authority | BSI | BSI | CREST |
| Authority's role | Accredited audit authority | Accredited audit authority | Accreditation partner |
| Validity | 3 years + annual surveillance | 3 years + annual surveillance | 2 years |
| Continuous assurance | Included | Included | Included |
| Detail | CSP scheme → | SOC scheme → | Cyber Force → |
Across all three, the audit remains the basis for certification and DESC holds the final decision. What's shared is the continuous-assurance layer that watches for drift and change once a certificate is live — turning a yearly snapshot into an ongoing picture.