Cloud that government can trust
The CSP Security Standard sets the security baseline for cloud service providers that host Dubai government and semi-government workloads — covering how they protect identity, data, operations and continuity.
At a glance
Who must hold it
Any cloud service provider contracting with a Dubai government or semi-government entity to host, process or store its data is expected to hold CSP certification for the services in scope. This includes IaaS, PaaS and SaaS offerings where government information is handled.
What the standard covers
A plain-language view of the control domains an applicant is assessed against.
The certification path
BSI conducts the accredited audit that underpins the certificate; DESC makes the final certification decision. Once certified, the continuous-assurance layer keeps the picture current between the annual surveillance points.
BSI is the accredited audit authority for the CSP Standard. Its assessment is the rigorous, formal basis on which certification rests. The platform does not replace that audit — it extends its reach across the three years in between, so a point-in-time result stays trustworthy as systems evolve.