Dozens of companies already ExpertCyber-certified, just six weeks after initiative’s launch
Designed to help organizations find competent, reliable service providers, the ExpertCyber initiative certifies French companies that both install and maintain security products, as well as provide incident response services.
Organizations in any sector can use the ExpertCyber directory to check whether a particular company is certified, or to search for providers that meet their specific requirements.
DON’T FORGET TO READ France tops blue-chip cybersecurity maturity index
The scheme was unveiled last month by Cybermalveillance.gouv.fr, a government resource dedicated to supporting cyber-attack victims.
The project’s partners include digital trade bodies Federation EBEN, Cinov Numérique, and Syntec Numérique, the French Insurance Federation (FFA), and AFNOR (Association Française de Normalisation), the French standardization and ISO member body.
Dozens of service providers have apparently been convinced that the ExpertCyber label might give them an edge when pitching for business from organizations contending with surging ransomware attacks and an attack surface enlarged for Covid-19-related reasons.
Six weeks on from the scheme’s February 17 launch “there are 55 labeled companies and many more candidates”, ExpertCyber project manager Franck Gicquel told The Daily Swig.
“It’s just the beginning” but early feedback is “good”, he added.
Gicquel also said the project wasn’t modelled on similar schemes in place elsewhere.
“We don't know any similar approach in other countries,” he said. “We just wanted to fill a true need for small and medium companies to easily find trustworthy IT security service providers.”
ExpertCyber applicants must pay an €800 fee, complete a technical questionnaire, and furnish documentary evidence that they meet various criteria. A certification decision is then made following an audit conducted by AFNOR.
Auditors assess competence in everything from technical proficiency to GDPR compliance and customer support standards.
Certified companies win the right to use the ExpertCyber logo on their website and marketing communications, and are given guidance on how to convey the assurances the label offers to prospective customers.
The label expires after two years unless renewed. Providers can re-apply in the event of a failed audit.
Information security firms with a valid ‘security visa’ under a similar certification scheme operated by the French National Cybersecurity Agency (ANSSI) are entitled to automatic ExpertCyber certification.
Cybermalveillance.gouv.fr, which runs a public bug bounty program, is operated by GIP ACYMA (Le Groupement d’Intérêt Public Action contre la Cybermalveillance), a public-private partnership set up in 2017 to help citizens, businesses, and local authorities strengthen their security posture.