The SecNumCloud qualification aims to promote and enhance trusted service providers offering cloud services to public and private entities
It is part of the French strategy for a trusted cloud.
The associated SecNumCloud repository aims at a high level of security, to create trust above all on the Cloud service.
AlgoSecure offers to accompany companies towards SecNumCloud qualification.
The ANSSI has published a set of requirements for the SecNumCloud qualification SecNumCloud. This repository is structured with the same chapters as the ISO 27002:2013 standard included in Annex A of the ISO 27001:2013 standard.
Some prerequisites are required, they mainly concern the location of the data.
The SecNumCloud repository includes recommendations and best practices for security management, identity and access management... It also includes recommendations for the use of cloud services, depending on the classification levels of the processed data.
It is broken down into several security levels, ranging from basic for public data to very high for sensitive data and defense systems. The recommendations for each security level are adapted to the specificities of cloud services.
As soon as a large part of the measures specified in the SecNumCloud requirements repository are met, a request for qualification from the ANSSI can be initiated.
AlgoSecure offers to assist you in obtaining the SecNumCloud qualification for the following services:
AlgoSecure assisted a customer who wanted to qualify one of its SaaS services as SecNumCloud . For this, an audit of compliance with the SecNumCloud repository and a roadmap to qualify its SecNumCloud service have been established, like the compliance audits that we conduct for ISO 27001 certification.SecNumCloud compliance status :
The qualification is valid for a period of 3 years, with follow-up through annual surveillance audits. At the end of the 3 years, the provider can ask for the renewal of the qualification.
Are you interested in SecNumCloud qualification and would you like to be assisted in setting up the SecNumCloud repository? Let's talk together.
We observe an average time of 12 to 18 months to comply with the standard and obtain the qualification. This estimate takes into account the time dedicated to the qualification project and the human resources allocated. The timeframe will also vary depending on your current level of cybersecurity maturity. For example, having a cloud service already qualified to the ISO 27001 standard will be a good step forward to start the SecNumCloud qualification process.
As part of the France 2030 plan, grants are offered in priority to SMEs wishing to market a qualified SecNumCloud PaaS or SaaS offer within the next two years.
These aids are presented in the form of four modules :
|Description of the module
|Amount of assistance
|Module 1 : Initial audit
|Evaluation of SecNumCloud qualification deviations, and measurement of the cyber level
|Module 2 Transformation Formula
|Implementation of concrete actions based on the ANSSI's hygiene guide, and allowing to prepare the qualification process
|Module 3 : Compliance formula
|For mature players or those exiting the "transformation" formula, to support compliance with the requirements of the standard
|Module 4 : Qualification Assistance
|Qualification process, respect and application of the rules of reference
An application file must be submitted to ANSSI, presenting the project to qualify the offer. To obtain this aid, an application must be submitted via a one-stop shop accessible on the Bpifrance website before July 19, 2023.
This date corresponds to a second changeover and a budget of 3.5 M€ is allocated for this changeover. For the first changeover in February 2023, 21 projects were selected from about 40 applications.
We audit your information systems to reveal vulnerabilities: these are our penetration testing engagements.
We help you evaluate the risks that are cast on your systems, and establish a plan in order to deal with these risks.
Specialists in information security and pentest in Lyon, Paris, Saint-Etienne and throughout France
You've enabled "Do Not Track" in your browser, we respect that choice and don't track your visit on our website.