All you need to know about SecNumCloud

Cloud infrastructures are prime targets for cybercriminals given the large amount of data, sometimes sensitive, that they store. To face this strategic challenge, SecNumCloud security certification has been implemented. Very demanding, it is designed to protect businesses, state agencies and any operator of vital importance against intrusions.
To help you understand the challenges and specificities of SecNumCloud, in this article, we present this certification, its advantages and the dedicated certification process. This will allow you to choose your cloud services and secure your business in a more informed way.
What is SecNumCloud?
Faced with the rise of cyberattacks and data breaches, ANSSI (National Agency for Information System Security) has implemented the SecNumCloud certification.
This framework of requirements is “a set of rules that apply to cloud service providers who want to obtain a qualification of their offers or wish to comply with the agency's security recommendations.”
By meeting SecNumCloud's technical, operational and legal requirements, the service provider can reassure its customers by demonstrating the quality of its data security.
Different types of service providers are concerned and can request this qualification:
- IaaS (Infrastructure as a Service)
- CaaS (Containers as a Service)
- PaaS (Platform as a Service)
- SaaS (Software as a Service)
What security practices are guaranteed by a SecNumCloud certification?
To guarantee an optimal level of security, the SecNumCloud framework covers more than 360 points of requirements that belong to 14 essential security themes:
- Information security policy and risk management;
- Organization of information security;
- Human resources security;
- Access control and identity management;
- Physical and environmental security;
- Asset management;
- Cryptology;
- Operational safety;
- Communications security;
- Acquisition, development and maintenance of information systems;
- Relationship with third parties;
- Management of information security incidents;
- Continuity of information activity;
- Compliance.
Why is SecNumCloud essential for cloud security?
The SecNumCloud initiative is part of a European desire to increase data security, in particular through the Cybersecurity Act. At the French level, the certification is based on the structure of the ISO/IEC 27001 standard and is perfectly consistent with the government's cloud strategy.
A few facts and figures help to understand the importance of securing the cloud:
- Cyberattacks represented the number one threat to businesses and communities in 2020;
- Between 2019 and 2020, the number of ransomware attacks handled by ANSSI increased by 4;
- In 2022, the Cybermalveillance.gouv.fr platform observed an increase in attacks targeting professional websites.
These strong trends demonstrate a massive increase in cyber risks. Cloud infrastructures are of course not immune and must be protected.
What are the advantages for a company to be SecNumCloud qualified?
Any company that is in a position to access SecNumCloud certification can reap numerous benefits. However, the very high level of requirements limits it to a narrow circle.
Regardless, certified organizations and businesses can:
- Certify a high level of security;
- Offer solid guarantees to their customers;
- Access strategic tenders;
- Comply with the Cybersecurity Act.
Thus, the qualified company protects itself while effectively protecting its customers' data.
The SecNumCloud certification process
While the benefits of certification are numerous, obtaining it is a complex process. It is necessary for the company or organization to devote significant resources to it over a relatively long period of time.
Meet the eligibility criteria
First of all, the provider must be a cloud computing service such as IaaS, PaaS, SaaS or CaaS. The aim of certification is above all to ensure the security of national data. Therefore, the service must operate in France, although the service provider may be based abroad.
The steps required for certification
Several steps are required to obtain this certification:
- The applicant must prepare detailed documentation that demonstrates compliance with SecNumCloud certification requirements. One of the essential documents is the security file, which details how the service provider meets ANSSI's security requirements;
- In a second step, ANSSI will carefully examine the file. If the application is admissible, the certification process requires scheduling a series of audits. These are carried out by independent experts who will assess the company's compliance with certification requirements;
- If the audits are successfully passed, the auditors make a recommendation to ANSSI. This recommendation is essential for the issuance of the SecNumCloud certification.
To successfully pass all these steps, the company must work in depth on all aspects of its cybersecurity. Indeed, in order to guarantee optimal security for accredited organizations and companies, ANSSI rejects any request for certification that would include an incident or a weakness in the security system.
The costs associated with certification
It is difficult to assess in advance the costs required to comply with SecNumCloud. It depends on the current state of the company's security level. Many actions must sometimes be implemented before applying for certification.
For the certification process itself, it is necessary to budget for the costs of preparing documentation and audits, as well as maintenance and certification costs.
However, you can contact qualified auditors or ANSSI directly in advance in order to obtain a more accurate estimate of certification costs.
A robust and reliable solution to secure cloud services
SecNumCloud certification is essential whether you are a customer of a cloud provider or a cloud provider yourself. If you are a customer, having a proven collaborative platform is ideal for keeping your data safe. If you are a service provider, accessing SecNumCloud certification is an effective way to guarantee the reliability of your services and reassure your customers. The SecNumCloud initiative is part of a global approach to the preservation of critical infrastructures that concerns all stakeholders, from citizens to consumers, including cloud professionals.



