Dozens of companies already ExpertCyber-certified, just six weeks after initiative’s launch

French certification scheme for infosec service providers - ExpertCyber - off to promising start

A new French government certification scheme for providers of cybersecurity services has made an auspicious start, according to the project’s manager.

Designed to help organizations find competent, reliable service providers, the ExpertCyber initiative certifies French companies that both install and maintain security products, as well as provide incident response services.

Organizations in any sector can use the ExpertCyber directory to check whether a particular company is certified, or to search for providers that meet their specific requirements.


DON’T FORGET TO READ France tops blue-chip cybersecurity maturity index


The scheme was unveiled last month by Cybermalveillance.gouv.fr, a government resource dedicated to supporting cyber-attack victims.

The project’s partners include digital trade bodies Federation EBEN, Cinov Numérique, and Syntec Numérique, the French Insurance Federation (FFA), and AFNOR (Association Française de Normalisation), the French standardization and ISO member body.

‘Early feedback’

Dozens of service providers have apparently been convinced that the ExpertCyber label might give them an edge when pitching for business from organizations contending with surging ransomware attacks and an attack surface enlarged for Covid-19-related reasons.

Six weeks on from the scheme’s February 17 launch “there are 55 labeled companies and many more candidates”, ExpertCyber project manager Franck Gicquel told The Daily Swig.

“It’s just the beginning” but early feedback is “good”, he added.

Gicquel also said the project wasn’t modelled on similar schemes in place elsewhere.

“We don't know any similar approach in other countries,” he said. “We just wanted to fill a true need for small and medium companies to easily find trustworthy IT security service providers.”

Audit process

ExpertCyber applicants must pay an €800 fee, complete a technical questionnaire, and furnish documentary evidence that they meet various criteria. A certification decision is then made following an audit conducted by AFNOR.

Auditors assess competence in everything from technical proficiency to GDPR compliance and customer support standards.

Certified companies win the right to use the ExpertCyber logo on their website and marketing communications, and are given guidance on how to convey the assurances the label offers to prospective customers.


Catch up on the latest France security news


The label expires after two years unless renewed. Providers can re-apply in the event of a failed audit.

Information security firms with a valid ‘security visa’ under a similar certification scheme operated by the French National Cybersecurity Agency (ANSSI) are entitled to automatic ExpertCyber certification.

Cybermalveillance.gouv.fr, which runs a public bug bounty program, is operated by GIP ACYMA (Le Groupement d’Intérêt Public Action contre la Cybermalveillance), a public-private partnership set up in 2017 to help citizens, businesses, and local authorities strengthen their security posture.


YOU MIGHT ALSO LIKE EU cybersecurity strategy: Coronavirus, supply chain attacks highlight ‘lack of coordination’ among member state