The DOME compliance policy

Being the DOME scope to create a framework supporting the market requirements, the definition of the policy starts from the definition of a baseline, defining the minimum compliance level to ensure acceptability by the majority of the market sectors. This definition is excluding by design any vertical requirement of a market sector or any enhanced qualification. Those second-level qualifications will be used to furtherly raise the qualification level of the offering but not to exclude something from the listing.

The scope is to ensure a reasonable level of compliance while minimizing the exclusions.

Aligning with the market the minimum compliance level is defined by Customers, while Providers have to commit to reach such compliance. The role of the DOME organization in this process is to balance the requirements of the Customer Base with the sustainability of the Providers. Too high requirements will land in poor offering because the Providers will not be able to sustain the costs related to the acquisition and the maintenance of such high compliance levels.

On the other side several other organizations are already working on the definition of a compliance level for cloud offering, and DOME will try to keep as much compatibility as possible with most of them in order to create the conditions for a future sharing of such visibilities between organizations.

In line with other established initiatives (i.e., Gaia-X) the DOME compliance policy is mapping the different criteria in different compliance levels according to the evidence provided by the offering vendor during or after the onboarding process.

Being DOME not committed to assess the delivery platform of every provider claiming to be listed on the DOME catalogue, the compliance policy is relying on complying with the criteria that have been selected as the main relevant ones for the trustability of the services in DOME. 

Thus, the DOME compliance approach is designed to ensure that service providers meet rigorous quality standards, encompassing regulatory respect, data security, and service management best practices. This framework is based on a set of reference quality criteria that serve as the foundation for evaluating compliance.¹

¹   The DOME Compliance criteria has been defined based on the analysis of the Gaia-X Compliance criteria https://docs.gaia-x.eu/policy-rules-committee/compliance-document/24.11/criteria_cloud_services/#assessment-procedures and adapted to the needs of DOME