ISMS Copilot for French cloud providers
Map SecNumCloud 3.2 requirements, prepare PASSI audits, and add HDS scope when you host health data.
Why French cloud providers choose ISMS Copilot
- Map SecNumCloud 3.2 requirements and run a gap analysis against your platform
- Prepare for the ANSSI qualification process and PASSI-conducted audits
- Implement data-sovereignty and EU/EEA localisation controls
- Work through service-partitioning and isolation requirements
- Add HDS (Hebergeur de Donnees de Sante) scope when you host health data
- Cross-map SecNumCloud, ISO 27001 and HDS to avoid duplicate evidence
Built around the French sovereign-cloud stack
SecNumCloud 3.2 requirements mapping across security, governance and sovereignty
ANSSI qualification process and PASSI audit preparation
Data-sovereignty, MFA and encryption control guidance
Service partitioning and tenant-isolation requirements
HDS layering for health-data hosting, with ISO 27001:2022 as the prerequisite
Cross-mapping between SecNumCloud, ISO 27001 and HDS
SecNumCloud qualification path for cloud providers
France sets a sovereignty bar that ISO 27001 alone does not clear. ANSSI SecNumCloud 3.2 is significantly more prescriptive: over 350 requirements covering data sovereignty, EU/EEA localisation, MFA, encryption, service partitioning and PASSI-conducted audits, and it is increasingly mandatory for providers serving French government, OIV and critical infrastructure under the Cloud au Centre doctrine. SecNumCloud builds on ISO 27001 but adds the sovereignty and partitioning layer on top. If your customers are healthcare organisations, a second regime applies: HDS (Hebergeur de Donnees de Sante) certification, which requires ISO 27001:2022 as a prerequisite and is mandatory for any third party hosting personal health data in France. ISMS Copilot helps you scope which regimes apply, map requirements, and prepare for ANSSI and PASSI audits.
Explore the SecNumCloud Copilot →Free Cloud Act / Schrems II exposure analyzer
Sovereignty positioning rests on a structured exposure picture. The free Cloud Act / Schrems II Exposure Analyzer walks a TIA-shaped, per-dimension exposure assessment (no composite compliant/non-compliant verdict by design — the legal-advice line stays with counsel) — a starting point that strengthens the SecNumCloud and Cloud au Centre arguments above for French government and OIV prospects.
Open the free Cloud Act / Schrems II Exposure Analyzer →Frequently Asked Questions
Is SecNumCloud mandatory for our cloud service?
SecNumCloud is increasingly mandatory for cloud providers serving French government, OIV (vital operators) and critical infrastructure under France's Cloud au Centre doctrine. ISMS Copilot helps you determine whether your customer base puts you in scope and maps the SecNumCloud 3.2 requirements against your platform.
When do we also need HDS certification?
Any third party hosting or processing personal health data for French healthcare organisations needs HDS (Hebergeur de Donnees de Sante) certification, which requires ISO 27001:2022 as a prerequisite. ISMS Copilot helps you build the ISO 27001 foundation and layer the HDS health-data requirements on top of SecNumCloud where both apply.
Does ISMS Copilot grant SecNumCloud or HDS qualification?
No. ISMS Copilot does not issue SecNumCloud qualification or HDS certification. Both require audits by ANSSI-accredited or COFRAC-accredited bodies. ISMS Copilot prepares your requirements mapping, evidence and PASSI-audit readiness so the official process is faster.
Ready to streamline your compliance work?
Built for speed, accuracy, and audit-ready output.