DOME certification qualification process
The DOME platform will provide means to qualify products in the Marketplace with respect to their fulfillment against relevant reference standards.
Initial clarifications:
-
DOME won't certify services
-
DOME will verify that services that want to be endorsed to DOME are compliant to the selected relevant schemes, from the EU Cloud Rulebook. To do so, DOME will verify the validity of the certificates provided by the CSPs for each of the services.
-
DOME will assess the "continuous validity of the certificate" during the lifecycle of the cloud service in
DOME.DOME, monitoring possible expirations.
The certification qualification process is composed of 4 sub-processes:steps:
admin/Marketadministrator place/Marketplace adminadministrator setsets upsup the certification level for the services, selecting which certifications/frameworks need to be provided when a service is endorsed into the DOME/federated marketplace. Each marketplace federated in DOME can have specific additional configurations for compliance: EUCR , Others: AI related ones, financial specific, health specific, environmental specific, etc.
Step 2- Certification accreditation:
A CSP that wants to be part of DOME provides the certificates, uploading the corresponding evidence (signed or not signed pdf files or VC of the linkscertificate ). As depicted in Figure 1, depending on the type of the provided evidence different methods need to be applied to validate it. DOME will accept the pdf).
different certification types issued by the different agencies and authenticity will be assessed both in all the cases. When the evidence provided is a signed or unsigned pdf the authenticity will be assessed by the DOME Trust Service Provider for Certification, and the corresponding VC will be created for the CSP to be included in their DOME compliance profile.
DOME compliance approach is prepared to support the acceptance of VCs of the certificates issued by certification agencies as depicted in Figure 1.
Currently Supported standards (in green) :
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
Step 3- Certification assessment: DOME assesses the validity of the certificate and if valid generates the related Verified Credential for the CSP to be stored in the wallet. The validation is done through the assessment of specific controls and when available checking the inclusion of the presented certificates in EUCR registry of adherence or other relevant databases. The certification assessment activity will be done in a continuous basis process.
Step 4- Service qualification and onboarding: The service is qualified in the DOME marketplace based on the valid certificates and the information is updated in the catalog. Once the product receives the validation it will be visible in the marketplace pages including the Certification profile achieved through the validation.There are 3 compliance levels based on the types of evidence provided for the supported certifications. These are the different compliance levels a service can be qualified to:
- DOME Level 1 - No certifications provided/achieved
- DOME Level 2 - Some supported certifications have been verified
- DOME Level 3 - All the supported certifications have been verified by DOME