Accueil > Security & Compliance
Numspot produit

Protect your critical data on a secure-by-design cloud services platform

Numspot was founded with a clear ambition: to combine innovation, data sovereignty, and the security of critical data and applications. Our teams rely on Europe’s most stringent security standards to build a secure-by-design cloud services platform.

Numspot takes a rigorous approach to security certifications and qualifications, helping European organizations accelerate and maintain compliance through continuous improvement and regular audits. Our environment is designed for regulated industries that handle sensitive data, such as healthcare, financial services, and the public sector.

Plateforme des services cloud numspot sécurisée

Numspot security certifications and qualifications

From the outset, Numspot has pursued ongoing audits to achieve key certifications that demonstrate its strong security posture.

Numspot certifié ISO27001

ISO 27001

ISO/IEC 27001 is the leading international standard for information security management systems (ISMS), applicable to any organization regardless of size or industry. It defines the requirements to establish, implement, maintain, and continually improve an ISMS by identifying information-security risks through a structured analysis of assets, threats, vulnerabilities, and impacts.

This certification is issued after an independent audit and ensures confidentiality, integrity, and availability of information, with annual reviews and monitoring to support continuous improvement.

Why choose an ISO 27001-certified cloud provider ? An ISO 27001-certified ISMS helps control cyber risk, streamline GDPR and NIS2 audits, and demonstrate compliance with regulatory requirements to regulators and stakeholders.


HD_ISO 27036

ISO 27036

ISO/IEC 27036 is a standard dedicated to information security in supplier relationships, extending ISO 27001 principles to ICT supply chains. It sets out the core requirements to define, implement, operate, monitor, and improve supplier risk management across product and service procurement, cloud computing, and outsourced processes.

Why choose an ISO 27036-certified cloud provider? An ISO 27036-certified provider helps secure the cloud supply chain against third-party risks, protects sensitive data in transit or outsourced environments, and simplifies compliance with subcontracting obligations under GDPR and NIS2.

Numspot certifié HDS

HDS (Health Data Hosting)

HDS certification is a French regulatory requirement for hosting personal health data. It is designed to reinforce data protection and build a trusted environment for the healthcare sector. Issued by COFRAC-accredited bodies valid for three years after a two-step audit process (document review and on-site assessment), it evaluates compliance with a framework that includes ISO 27001, with a focus on security, confidentiality, service quality, and patient privacy.

Why choose an HDS-certified cloud provider? Healthcare organizations can ensure the lawful hosting of health data and gain traceability and trust for migrations involving hospital information systems, PACS, or DMPs.

SecNumCloud

Issued by ANSSI, the French national cybersecurity agency, SecNumCloud qualification (French cloud security qualification framework) guarantees the highest level of security and trust for cloud providers. It demonstrates operational resilience and technical maturity through a comprehensive assessment of hosted data protection. The evaluation goes beyond technical controls and also covers governance, risk management, and protection from extraterritorial exposure.

In 2026, Numspot accelerated its SecNumCloud qualification process by validating milestones J0 and J1 for several PaaS services, including Numspot Managed Kubernetes, Numspot Managed Database, Numspot Managed Secret Manager, Numspot Managed Container Registry, and Numspot Managed AI Platform. Numspot is also continuing the SecNumCloud qualification process for its IaaS offering. In parallel, Numspot is already able to provide Outscale’s SecNumCloud-certified hosting, making it easier to migrate your infrastructure and progressively adopt its sovereign cloud services as they become available.

Why choose a SecNumCloud-qualified cloud provider? It helps organizations protect critical data from non-European access and reduce cyber risk through a secure and trusted sovereign cloud environment.

Compliance with sector-specific regulations

As data becomes increasingly critical to modern information systems and cyber threats continue to rise, regulatory obligations have become stricter across multiple industries. Numspot works to meet these European and sector-specific requirements, protecting your data within a 100% French sovereign cloud environment.

GDPR (General Data Protection Regulation)

A European regulatory framework designed to protect personal data and ensure its confidentiality, security, and integrity throughout its entire lifecycle. Any organization that processes the personal data of EU citizens, whether manually or by automated means, must comply with its requirements.

Data Act (EU Regulation 2023/2854)

A European regulatory framework designed to promote fair access to data and its sharing and portability across connected products and services, including IoT and cloud environments. It requires cloud providers to ensure minimum interoperability and to support easier switching, with a transition period of up to 30 days and no excessive fees by 2027. It also protects personal data, in complement to the GDPR, and trade secrets, while reinforcing digital sovereignty by limiting insecure transfers to third countries.

NIS2 (Network and Information Systems 2)

A European cybersecurity directive aimed at strengthening the security of networks and information systems across the EU. It establishes minimum cybersecurity and incident-reporting requirements for essential entities, important entities, and digital service providers.

DORA (Digital Operational Resilience Act)

A European regulation aimed at strengthening the operational resilience of financial sector organizations through a dedicated framework for governance and internal controls. It places particular emphasis on business continuity in the event of a major incident or disruption, assessing organizations’ ability to maintain continuity across their key financial activities.

PCI-DSS (Payment Card Industry Data Security Standard)

PCI-DSS (Payment Card Industry Data Security Standard)
A security standard made up of 12 requirements designed to protect cardholder data and payment information from unauthorized access, use, or disclosure. PCI DSS compliance is mandatory for any organization that processes, stores, or transmits credit card information.

Organizations trust Numspot to secure their critical data

Offres packagées

Découvrez les offres que nous avons bâties avec nos partenaires technologiques.