""

SecNumCloud Qualification – Sovereign Cloud in France ANSSI

SecNumCloud qualification is the most advanced set of requirements for Cloud service providers operating in France.
This qualification is issued by ANSSI on the basis of an assessment report by LSTI, an accredited assessment body.

What is SecNumCloud qualification?

SecNumCloud qualification is France's most stringent set of requirements for Cloud Service Providers. Established by ANSSI, its aim is to guarantee the highest levels of security and trust for Cloud Computing services. LSTI Certification is the body authorized to assess and issue this qualification, ensuring that the provider complies with very high technical, organizational and legal requirements. These requirements include security measures for the provider's information system, and quality and security processes based on the ISO/IEC 27001 standard. SecNumCloud's main objective is to protect the most sensitive data of public and private organizations (OIV, OSE), particularly against espionage threats and the application of foreign laws.

How does SecNumCloud certification work?

Certification of cloud computing service providers is a qualification issued by LSTI in accordance with a reference framework provided by the French National Information Systems Security Agency (ANSSI).

It is aimed at all types of companies providing cloud computing services on their own behalf or on behalf of their customers.

Certification attests to the service provider's compliance with :

  • information system security rules
  • process quality and security requirements (based on ISO 27001).

Certification is issued by LSTI on the basis of an audit report for a period of three years, subject to annual surveillance audits.


What are the challenges of SecNumCloud certification?

Choosing a SecNumCloud qualified service assessed by LSTI Certification is imperative for the sovereignty and security of your sensitive data:

  • Sovereign confidence: Guarantee of a Cloud Computing service that complies with the most stringent French ANSSI requirements, ideal for strategic data.
  • Maximum security : Guaranteed compliance with the highest level of technical and organizational requirements to protect the Information System and hosted data.
  • Resistance to foreign laws : Legal and data localization requirements offer protection against the application of non-European laws (such as the Cloud Act).
  • ISO 27001 alignment : The repository incorporates quality and security requirements based on the international ISO/IEC 27001 standard.
  • Simplicity of compliance : Facilitates the choice of Cloud infrastructure for organizations subject to strict regulations (OIV, OSE, HDS) concerning the hosting of their critical data.
  • Annual surveillance audit: Qualification is maintained through strict annual surveillance audits, ensuring ongoing compliance.

Why choose LSTI?

1

Recognized expertise

With over twenty years' experience, LSTI supports more than 300 organizations in France and Europe as a leading certification body and assessment center, operating in the fields of cybersecurity, digital trust and information security.

2

Specialized auditors

Our teams of auditors are made up of experienced professionals who are fully conversant with ANSSI cybersecurity guidelines, information security management practices and European digital trust frameworks. Their approach guarantees assessments that are demanding, balanced and adapted to the operational contexts of each organization.

3

Independent third party and dedicated support

LSTI guarantees impartiality, transparency and consistency throughout the entire cycle: preparation, audits, surveillance and renewals. A dedicated contact ensures continuity and clarity throughout the certification process.


Discover our news