Our compliance procedures

At Cloud Temple, transparency is at the heart of our customer relationship. We are committed to providing our customers with all the information they need about our security objectives, protection measures, risk management and management system, so that they can make informed decisions and integrate our services into their own security strategy.

Our list of certifications, qualifications and compliances

ISO 27001

ISO 27001

This international standard sets out the requirements for an information security management system (ISMS), aimed at protecting company data against potential threats. Cloud Temple has been ISO 27001 certified for infrastructure since 2018 and for managed services since 2022. This demonstrates our commitment to managing information security in a proactive and structured way.

ISO/IEC 27001:2022 certification

(certificat CT-ISMS-122024-0CU01415)

SecNumCloud

SecNumCloud

SecNumCloud is a French qualification that certifies that our cloud services comply with the high security requirements specified by ANSSI (Agence nationale de la sécurité des systèmes d'information). We obtained this qualification for our IaaS services in 2022, then for our PaaS services in 2024, guaranteeing that all our cloud solutions comply with rigorous security standards. This dual qualification demonstrates our ongoing commitment to strengthening the security and sovereignty of our infrastructures and services.

 

SecNumCloud 3.2 IaaS certificate

SecNumCloud 3.2 PaaS certificate

Find out more
PAMS

PAMS

PAMS qualification aims to guarantee secure administration and maintenance practices for our customers' information systems. With a validated J1 status, we are preparing to achieve full qualification by the end of 2025, demonstrating our investment in secure and reliable operational practices. This enables our customers to benefit from optimised and secure management of their IT resources.

HDS

HDS

Cloud Temple is HDS (Healthcare Data Hosting) certified for activities 2 to 6, which attests to our compliance with strict security and confidentiality standards for sensitive healthcare data. For activity 1, which is not directly related to our business, we have been relying since 2022 on data centres that themselves comply with HDS regulations. This approach enables us to offer secure services that comply with regulatory requirements to players in the healthcare sector.

HDS certification

(certificat CT-HDS-122024-0CU01415)

Find out more
ISAE 3402

ISAE 3402

This standard assesses the process controls we put in place over a defined period, providing assurance to our customers about the reliability of the services they use. We have achieved ISAE 3402 Type 2 certification, ensuring that our IT services, which process our customers' data, comply with high standards of control and security. This reinforces our customers' confidence in the services we provide.

ISAE 3402 certification available on request

C5

C5

The C5 framework (Cloud Computing Compliance Criteria Catalog) is a standard developed in Germany by the Federal Office for Information Technology Security (BSI) to assess the security compliance of cloud providers. We are compliant with the framework, which will demonstrate our commitment to robust data security standards. Adherence to this framework demonstrates our ability to manage security risks in the cloud.

Find out more
GAIA-X

Gaia-X

Gaia-X is a European initiative aimed at creating a secure and interoperable data ecosystem to support innovation in the cloud. We are currently studying to achieve level 3 certification, which will strengthen our position as a key player in the trusted cloud in Europe. This initiative underlines our commitment to contributing to a sustainable and secure digital environment.

Find out more
Reference Perimeter Issued by Validity
HDS (Health Data Hosting) HDS activities 2 to 6 Certi-Trust 16/12/2027
ISAE 3402 (Type II) IT Services Guibert & Co 30/09/2024 *
ISO:27001 v2022 Hosting and outsourcing Certi-Trust 16/12/2027
SecNumCloud v3.2 IaaS Secure Temple *** ANSSI 30/05/2028
SecNumCloud v3.2 PaaS OpenShift ANSSI 30/05/2028
C5 Cloud services Naolys Audit 31/05/2025**

* ISAE certificates cover activities over a past period and are renewed annually.

** Compliance is evidenced by an ISAE 3000 type 1 report dated 31/05/2025

*** VMware IaaS, OpenSource IaaS, S3 Object Storage, HSM-KMS encryption, Bare metal

Objectives of our safety measures

Our aim is to provide a cloud infrastructure that not only secures data, but also facilitates compliance with the standards that govern our customers' business.

Customer data protection and service continuity

Our security measures aim to ensure the fundamental triad of information security and operational continuity:

  • Confidentiality Data is only accessible to authorised persons thanks to our strict access controls and encryption mechanisms.
  • Integrity : We maintain the accuracy and completeness of the data through consistency checks and verified back-ups.
  • Availability : Data and services remain accessible at all times thanks to our redundant architecture and continuity measures
  • Resilience Our controls guarantee resistance to technical incidents and rapid recovery in the event of a disaster.

Regulatory compliance tailored to customer needs

Our security measures are designed to help customers achieve compliance with the specific standards and regulations that apply to their sector of activity:

  • Health sector Compliance with the requirements of Article L.1111-8 of the Public Health Code and CNIL recommendations
  • Financial institutions Compliance with ACPR requirements and DORA regulations
  • Public administrations Compliance with SecNumCloud standards
  • Companies subject to the RGPD : Implementation of appropriate technical and organisational measures

Assistance with customer compliance procedures

Cloud Temple strives to assist its customers with their specific compliance requirements:

  • Personalised assessment : Analysis of each customer's specific regulatory requirements
  • Expert advice : Support from our specialist compliance teams
  • Appropriate documentation : Supply of the elements required for audits and certifications
  • Continuous updating : Evolving our services to maintain the required level of compliance

Risk management programme

Risk management process

Cloud Temple has put in place a structured risk management process based on recognised methodologies:

  • ISO 27005 Information security risk management
  • EBIOS Risk Manager : Method for analysing and dealing with digital risks developed by ANSSI

This methodological approach guarantees a systematic and rigorous analysis of the risks weighing on our infrastructures and hosted customer data.

Validation of the soundness of the programme

The robustness of our risk management is demonstrated by our compliance with the most demanding safety standards:

  • ISO 27001 certification Validation of the safety management system, including risk management
  • SecNumCloud qualification ANSSI : ANSSI standard incorporating a risk-based approach specific to the cloud
  • ISAE 3402 audit : Independent verification of the effectiveness of our safety controls

These certifications demonstrate that our risk management programme meets international standards and French and European regulatory requirements.

Threat model and assessment criteria

Our programme includes a comprehensive analysis of threats specific to cloud environments:

  • Identifying threats Systematic analysis of technical, organisational and environmental risks
  • Vulnerability assessment : Ongoing assessment of potential weaknesses in our infrastructure
  • Risk acceptance criteria Thresholds defined according to potential impact and probability of occurrence
  • Mitigation measures : Appropriate safety controls to reduce identified risks

Integration into client frameworks

To facilitate the integration of our controls into our clients' risk management programmes, we offer :

  • Summary of identified threats Document detailing the main categories of risk considered
  • Risk assessment criteria Methodology and scales used for risk assessment
  • Analysis of accepted residual risks Presentation of residual risks after controls have been implemented
  • Control mapping Correspondence between our security measures and customer frameworks (ISO 27001, NIST, etc.)

Access to risk management information

The detailed results of our risk assessments remain confidential for security reasons. However, on request, customers may obtain :

  • An adapted summary of the threats considered in their context of use
  • Risk assessment criteria and methodologies applied
  • A statement of residual risks accepted after controls have been implemented
  • An integration guide for incorporating our controls into their own risk analysis
Our security approach is based on compliance with the most demanding international and national standards, paying particular attention to European regulatory requirements, which are recognised for their rigour in terms of data protection. This approach guarantees the robustness and reliability of our infrastructures, providing appropriate protection for our customers' most sensitive systems.
Giuliano Ippoliti, Director of Cybersecurity at Cloud Temple

Safety measures and documentation

Information on safety measures

Cloud Temple provides its customers with the following documents to help them understand the security measures in place and their validation:

  • Certificates and qualifications : Official proof of our ISO 27001 certification, SecNumCloud qualification and other standards
  • ISO 27001 applicability declaration Document detailing the applicable safety measures and their implementation
  • Security certifications for partner data centres : Certificates of compliance from our suppliers (Interxion, Data4, Telehouse)
  • ISAE 3402 audit report Detailed document on the effectiveness of our measures (accessible after validation of a confidentiality agreement)

Information Security Management System (ISMS)

Cloud Temple's information security management system is documented and certified to ISO 27001.

Customers can check our compliance with contractual safety obligations using the following documents:

  • ISO 27001 certification : Proof of compliance of our ISMS
  • ISO 27001 applicability declaration Details of the security measures implemented as part of our ISMS
  • ISAE 3402 audit report Independent validation of the effectiveness of our management system (under confidentiality agreement)

How can I access this information?

For our customers
You can access all this documentation via your Cloud Temple Account Manager, who will guide you through the process and provide you with documents tailored to your specific needs.

 

For specific risk management requests
For more information on our risk management programme or to obtain summary documents tailored to your context: DPD@cloud-temple.com

Infrastructure: a sovereignty issue

Your safety deserves excellence: let's talk about it

These certifications and qualifications testify to our daily commitment to operational excellence and the security of your data. But beyond the labels, it's our ability to support you in your specific challenges that makes the difference.

Do you have specific compliance requirements? Would you like to understand how our certifications can meet the specific needs of your industry? Or would you simply like to know more about our approach to safety?

Our team of experts will be happy to discuss your projects with you.

Contact us
Contact us

Cookie policy

We use cookies to give you the best possible experience on our site, but we do not collect any personal data.

Audience measurement services, which are necessary for the operation and improvement of our site, do not allow you to be identified personally. However, you have the option of objecting to their use.

For more information, see our privacy policy.

Authorise Refuse