SecNumCloud

The SecNumCloud standard is a security qualification issued by ANSSI (National Agency for Information Systems Security) to cloud service providers. It aims to certify the high level of security of the cloud services offered by these providers, particularly in terms of protection of sensitive data.

Aspects of the SecNumCloud standard

The SecNumCloud standard is based on a security framework that defines the requirements that must be met to obtain qualification. This framework covers the following aspects:

  • Security governance: the organization of the service provider in terms of security, the policies and procedures put in place, etc.
  • Physical security: the protection of physical infrastructure, such as data centers, servers, etc.
  • Logical security: the protection of information systems, security measures applied to data, etc.
  • Operational security: management of security incidents, staff training, etc.

Security governance

Security governance is an essential aspect of cloud security. It defines the security principles and objectives of the service provider, as well as the structures and processes necessary for their implementation.

The service provider must:

  • Have a clear and documented security policy.
  • Appoint an information systems security manager (CISO).
  • Set up a security committee responsible for steering the security policy.
  • Implement an information security management system (ISMS).

Security governance measures

  • Security policy: the security policy is a document which defines the security principles and objectives of the service provider. It must be clear, documented and accessible to all of the service provider’s staff.
  • Information Systems Security Manager (CISO): the CISO is the person responsible for implementing the security policy. The CISO must have the skills and experience necessary to carry out this mission.
  • Security committee: the security committee is a group of people responsible for steering the security policy. It must be made up of representatives from the different departments of the service provider.
  • Information security management system (ISMS): the ISMS is a set of processes and procedures that make it possible to implement the security policy. It must comply with international information security standards, such as ISO/IEC 27001.

Physical security

Physical security is essential to protect cloud data and infrastructure from physical intrusions.

The requirements of the SecNumCloud standard in terms of physical security are:

  • Data centers should be located in secure areas.
  • Data centers must be protected against physical intrusions.
  • Physical infrastructure must be protected against natural hazards and environmental risks.

Physical security measures

  • Geographic location of data centers: Data centers should be located in secure areas, such as areas protected by physical barriers or security patrols.
  • Protection against physical intrusions: Data centers must be protected against physical intrusions, such as break-ins or vandalism.
  • Protection against natural and environmental hazards: Data centers must be protected against natural and environmental hazards, such as fire, floods or earthquakes.

Logical security

Logical security is essential to protect cloud data and information systems from cyberattacks.

The service provider must set up systems for:

  • Authentication and authorization (AAA).
  • Data encryption.
  • Security incident detection and response (SIEM).

Logical security measures

  • Authentication and authorization: the service provider must implement an authentication and authorization (AAA) system to control access to cloud resources.
  • Data encryption: the service provider must implement a data encryption system to protect data against unauthorized access.
  • Security incident detection and response: the service provider must implement a security incident detection and response system (SIEM) to detect and respond to security incidents.

Operational security

Operational security is essential to ensure the proper functioning of security measures and to respond to security incidents.

The service provider must:

  • Implement a business continuity plan (BCP).
  • Implement a business recovery plan (BRP).
  • Train staff in good security practices.

Operational security measures

  • Business continuity plan (BCP): the service provider must put in place a business continuity plan (BCP) to guarantee the continuity of activities in the event of an incident.
  • Business recovery plan (BRP): the service provider must put in place a business recovery plan (BRP) to enable activities to resume as quickly as possible in the event of an incident.
  • Staff training: the service provider must train its staff in good security practices to avoid human errors.

Advantages of working with a SecNumCloud-certified service provider

The SecNumCloud standard is a security certification issued by the National Information Systems Security Agency (ANSSI) to cloud service providers. It aims to certify the high level of security of the cloud services offered by these providers, particularly in terms of protection of sensitive data.

Working with a SecNumCloud-certified service provider has many advantages, including:

A high level of security

SecNumCloud certification attests that the service provider has implemented security measures that comply with the strictest data protection requirements. These requirements cover all aspects of cloud security, from governance to operational security.

These security measures help protect sensitive business data from a wide range of threats, including cyberattacks, physical theft, human errors, and more.

Strengthened confidence

SecNumCloud certification helps build business confidence in cloud services. The certification attests that the service provider has been audited by an independent body and that it meets the strictest security requirements.

This confidence is important for businesses because it allows them to focus on their core business without having to worry about the security of their data.

Regulatory compliance

SecNumCloud certification allows businesses to comply with regulatory data protection requirements. Indeed, the certification covers the requirements of European regulations, in particular the GDPR.

This compliance is important for businesses because it allows them to avoid GDPR sanctions.

Need an IT security audit?

Our team of IT security experts is ready to offer you the audit that best suits your needs and your business.

Your satisfaction and security are our priorities.