ANSSI SecNumCloud
France's qualification for sovereign cloud providers handling sensitive public-sector or OIV workloads.
Cloud service providers serving French public sector, OIV (operators of vital importance), and regulated sensitive data.
Continuous evidence pipeline available; audit support included for all customers.
What SecNumCloud actually requires.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
EU-headquartered with no extraterritorial jurisdiction over data (immunity from foreign data access laws).
ISO 27001, 27017, 27018 baseline plus ANSSI-specific controls.
Personnel screening and supply-chain controls.
Data residency and operational sovereignty in EU.
Pre-mapped controls. Continuous evidence.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
Sovereign deployment tier with EU-only data plane.
ANSSI control crosswalk from existing ISO 27001 / 27017 / 27018 baseline.
Artifacts your auditor accepts.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
SecNumCloud audit pack.
Data residency proofs and key custody evidence.
One evidence base. Many regulators.
These frameworks share substantial control overlap with SecNumCloud. Customers running one assessment typically satisfy the others with the same evidence base.
BSI IT-Grundschutz
European Union
Germany's federal IT baseline protection methodology — the standard for federal administration and KRITIS operators.
ISO/IEC 27001:2022
Cross-jurisdictional
The global Information Security Management System standard, updated in 2022 with 93 Annex A controls in four themes.
Esquema Nacional de Seguridad (ENS)
European Union
Spain's national security scheme for public administrations and the suppliers that serve them.
Ready for SecNumCloud?
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.