Profile Professional : Enhanced compliance

Following conditions are to be considered “on top” of the ones already described in Level -Baseline.

The “professional” profile is comprehensive and includes verified evidence (in form of certificates)  that the different compliance criteria are being satisfied. These evidences need to be issued by authorized authorities and are validated by the DOME marketplace through the assessment of the trustability of the presented certifications. The process for the provision of the evidence (self attestation and certificates) is described in a separate document. 

Currently the certifications that DOME can verify are:

• SecNumCloud
• BSI-C5
• CISPE
• EU Cloud CoC
• CSA CCM
• ISO/IEC 27001
• TISAX
• SWIPO

This list will be updated yearly in order to adapt these requirements to the new certification schemes that are developed in Europe.

Apart from the accreditations of the criteria mentioned above through the listed certifications, there are other criteria that need to be self-assessed and attested by the provider to achieve the Professional level:

CYBERSECURITY:

CS-20: User documentation: Provide up-to-date information on the secure configuration and known vulnerabilities of the cloud service for cloud customers.

PORTABILITY:

PT-1: The Provider shall implement practices for facilitating the switching of Providers and the porting of Customer Data in a structured, commonly used and machine-readable format including open standard formats where required or requested by the Customer.

PT-2: The Provider shall ensure pre-contractual information exists, with sufficiently detailed, clear and transparent information regarding the processes of Customer Data portability, technical requirements, timeframes and charges that apply in case a professional user wants to switch to another Provider or port Customer Data back to its own IT systems.

SUSTAINABILITY:

ST-1: The Provider shall provide transparency on the environmental impact of the Service Offering provided.

ST-2: The Provider shall ensure that the Service Offering meets or relies on an infrastructure Services Offering which meets a high standard in energy efficiency, meeting an annual target of PUE of 1.3 in cool climates and 1.4 in warm climates.

ST-3: The Provider shall ensure that the Service Offering meets or relies on an infrastructure for which electricity demand will be matched by 75% renewable energy or hourly carbon-free energy by 31st December 2025, and 100% by 31st December 2030.

ST-4: The Provider shall ensure that the Service Offering meets or relies on an infrastructure Services Offering that will meet a high standard for water conservation demonstrated through the application of a location and source sensitive water usage effectiveness (WUE)target of 0.4 L/kWh in areas with water stress.

These additional criteria 7 criteria can be also accredited through related certificates to achieve the compliance level Professional + that need to be verified by DOME: 

When DOME verifies the compliance of the additional 7 criteria through the validation of the defined certificates the service achieves the Professional + compliance level.