Independent verification (continuous)
Why important?
Impact over paperwork: independent/machine-readable checks & continuous compliance reduce blind spots.
How measured?
Scale 0–5 + N/A:
- 0 = No independent/regular verification
- 1 = Ad-hoc checks, not systematic
- 2 = Periodic/partial, limited scope
- 3 = Continuous monitoring/assessment (tools/reports) for core scope
- 4 = Continuous + independent verification (audit/assurance) well documented
- 5 = Continuous + independent assurance with transparent evidence/reporting
- N/A = no reliable evidence
Sources / Evidence
Validation questions (RFP)
- Is there continuous compliance monitoring? Are independent audits/assessments conducted regularly? How is evidence provided?
Scores comparison
| Providers | Score | Evidence |
|---|---|---|
| Microsoft Sovereign Cloud | 4.0 | |
| SysEleven OpenStack Cloud | 4.0 | |
| Cloud Temple Trusted Cloud | 3.0 | ANSSI SecNumCloud audits (regular). ISO 27001 annual audits. HDS recertification. Gaia-X Level 3 audit. No continuous automated verification documented. |
| Infomaniak Public Cloud | 2.0 | ISO 27001 annual audits. ISO 14001/50001 audits. B Corp recertification. Bug bounty program. No continuous automated verification. |
| noris Sovereign Cloud | 3.0 | |
| pluscloud open | 3.0 | |
| Exoscale | 2.0 | |
| Hetzner Cloud | 2.0 | |
| IONOS Cloud | 2.0 | |
| OVHcloud Public Cloud (incl. SecNumCloud) | 2.0 | |
| Oracle EU Sovereign Cloud | 2.0 | |
| STACKIT | 2.0 | |
| Scaleway | 2.0 | |
| UpCloud | 2.0 | |
| AWS European Sovereign Cloud | N/A | |
| Delos Cloud | N/A | |
| T Cloud Public | N/A | |