DESC

Contrast
Use the toggle below to switch the contrast:
Read Speaker
Listen to the content of the page by clicking play on Listen:
Text Size
Use the buttons below to increase or decrease the text size:
A-
A
A+

DESC provides a framework for managing cyber risks and supporting government entities.

  1. Home
  2. /
  3. Regulations
  4. /
  5. Certifications

Certifications

CSP-Securities-Standard

Cloud Service Provider (CSP) Security Standard

The Cloud Service Provider (CSP) Security Standard produced by Dubai Electronic Security Center (DESC) sets out requirements and guidance for CSPs and those organizations using any cloud services.

Compliance with this standard is mandatory for all CSPs wishing to offer cloud services for Dubai government and semi government entities. CSPs can achieve certification against this standard to demonstrate this compliance, following the well-known international certification scheme applied for ISO/IEC 27001.

The CSP Security Standard is based on the following international standards:

  • ISO/IEC 27001:2013
  • ISO/IEC 27002:2013
  • ISO/IEC 27017:2015
  • ISR:2017 v.02
  • CSA Cloud Controls Matrix 3.0.1
Description of the Certification Process
Throughout the development of the CSP Security Standard, strong alignment with the existing international standards has been sought to make the certification process as easy as possible, and to allow the use of the international accreditation/certification scheme for ISO/IEC 27001. Basis of the certification process is the acknowledgement of any existing certifications, without further audits for these existing certificates.
The following picture illustrates the certification process:
CSPdiagramEN
In case of a CSP using one or more co-located third party data centres, the certification process shall ensure that this arrangement is sufficiently secure. Possibilities for such checks can be:
  • Inclusion of the data centre in the scope of existing or new certificates against the aforementioned three standards.
  • Assessment of the third-party controls, including the assessment of risks related to third parties, that are applied by the CSP to ensure that adequate security is in place.
Certification Validity
The certificates issues following this process are following the usual process for management system certification applied by accredited certification bodies. This means that there will be yearly surveillance audits, where possible, taking place on site, and every three years a re-certification audit occurs.

Data Center (DC) Security Standard

The Data Center (DC) Security Standard produced by Dubai Electronic Security Center (DESC) sets out requirements and guidance for DCs and those organizations using any data centre services.

Security Operations Centre (SOC) Security Standard

The Security Operations Centre (SOC) Security Standard produced by Dubai Electronic Security Center (DESC) sets out requirements and guidance for SOCs and those organizations signing any SOC services. Compliance with this standard is mandatory for all SOC providers wishing to offer SOC services for Dubai government and semi government entities. It can be applied for in-house or outsourced SOC service provision.

Certified Companies

Incident Response Service Provider

# Name Expiry Contact Name Contact Email
1. Gulf Business Machines United Computer & Management Consultancy Company (L.L.C) 05/03/2025 Hamda Mohamed Al Ali hamdaa@gbmme.com
2. Help Information Technology Consultancy - Sole Proprietorship L.L.C 08/05/2025 Salma Sami Salma.sami@helpag.com
3. LRQA Limited 13/11/2024 Ben Densham BDensham@nettitude.com
4. Obrela MEA FZ-LLC 24/03/2025 Iraklis Mathiopoulos i.mathiopoulos@obrela.com

Penetration Testing Service Provider

# Name Expiry Contact Name Contact Email
1. Baseel Consultancy LLC 20/07/2025 Shashank Phatak Shashank.phatak@baseel.com
2. Closed Door Security FZCO 06/05/2025 William Wright william@cdsec.co.uk
3. Crowe Mak Technology LLC 27/11/2024 Marko Suswanto marko.suswanto@crowe.id
4. Cyberwise FZ-LLC 19/02/2025 Murad Abu Shameh murads@cyberwise.ae
5. Data Hub Integrated Solutions MORO L.L.C 02/07/2025 Mohammad Almalik mohammad.almalik@morohub.com
6. Excelledia Management Consultancy 27/11/2024 Thomas Marshall tom.marshall@precursorsecurity.com
7. Fortbridge Ltd. 04/11/2024 Bogdan Tiron BogdanTiron@Fortbridge.co.uk
8. Grant Thornton Audit and Accounting Limited 04/11/2024 Vahagn Abazyan vahagn.abazyan@am.gt.com
9. Gulf Business Machines United Computer & Management Consultancy Company (L.L.C) 05/03/2025 Hamda Mohamed Al Ali hamdaa@gbmme.com
10. Haumaru Lab for Auditing, Reviewing & Testing Cyber Risks Co. L.L.C 08/07/2025 Raheel Ahmad ahmadraheel@haumarulabs.co.nz
11. Help Information Technology Consultancy - Sole Proprietorship L.L.C 08/04/2025 Salma Sami Salma.sami@helpag.com
12. HWG S.R.L 01/06/2025 Zoja Antuchevič zan@solutionlab.net
13. ITSEC Services Asia Pte. Ltd. 15/11/2024 David Chia David@itsec.sg
14. LRQA Limited 13/11/2024 Ben Densham BDensham@nettitude.com
15. Obrela MEA FZ-LLC 23/03/2025 Iraklis Mathiopoulos i.mathiopoulos@obrela.com
16. Penetration Testing Middle East – FZCO 04/11/2024 Thomas Heenan Tom.Heenan@rupture-infosec.com
17. ValueMentor Cyber Risk Management Services LLC 14/11/2024 Angela Maria angela@valuementor.com

Cloud Service Provider

# Name Expiry Contact Name Contact Email
1. Amazon 21/01/2025 Pabari Vishal vpabari@amazon.co.uk
2. BIOs 29/07/2024 Omar Mirza Omar.Mirza@zaintech.com
3. Cloud4C 17/07/2025 Venkata Pavan Kumar Marella pavan.marella@cloud4c.com
4. Commvault 01/10/2024 Mohammed Aziz mohammedaziz@commvault.com
5. Druva 09/03/2025 David Lee david.lee@druva.com
6. DU 26/12/2024 Darshan Sebastian Darshan.Sebastian@du.ae
7. Etisalat 29/01/2025 Sergio Rivero Partida spartida@eand.com
8. Qualys 25/09/2024 Akshay Basetti abasetti@qualys.com
9. Microsoft Dubai LLC 04/10/2024 Na Zhang naz@microsoft.com
10. MORO 13/02/2025 Shantha Kumar shantha.kumar@morohub.com
11. Naseej 16/03/2025 Abdelbasset Zerrouki A.Zerrouki@naseej.com
12. Oracle 30/04/2025 Pavan Kumar Nethi pavan.kumar.nethi@oracle.com
13. Oracle (SaaS) 18/06/2025 Samer Abboud samer.abboud@oracle.com
14. SAP 31/12/2024 Jafar DAJANI jafar.dajani@sap.com
15. Smart Dubai Platform 26/01/2025 Abdulaziz Salem Abdulaziz.Salem@du.ae
16. Snowflake 26/03/2025 Shashwat Deshpande shashwat.deshpande@snowflake.com
Scroll Up Top