SecNumCloud is a security qualification developed by theANSSI in France, specifically designed for cloud service providers.
SecNumCloud aims to identify and promote a range of trusted cloud services, focusing on security and the protection of sensitive data. It represents the highest level of security for sensitive and strategic data in France.
SecNumCloud key features
- For cloud service providers (IaaS, PaaS, SaaS, CaaS)
- Qualification valid for 3 years, renewable
- Based on ISO/IEC 27001 and 27002, but with additional requirements specific to cloud services
- Current version: 3.2 (March 2022). Launched in 2016.
- Incorporates protection criteria with regard to non-European law
SecNumCloud processes and requirements
To obtain SecNumCloud qualification, service providers must :
- Demonstrate compliance with the best practices set out in the standards
- To be assessed by auditors qualified by ANSSI as PASSI (Prestataires d'Audit de la Sécurité des Systèmes d'Information - information systems security auditors)
- Comply with strict criteria covering various aspects, from the physical security of facilities to the management of authorised employees.
By choosing SecNumCloud-qualified services, organisations can identify suppliers offering an optimum level of security that complies with the standards set by ANSSI, thereby strengthening the protection of their sensitive data in the cloud.
