Smals

Smals is a Belgian non profit ICT association focused on shared digital infrastructure and services for the public sector, headquartered in Brussels, Belgium. Smals operates as Smals vzw / asbl, a cost sharing association created in 1939, and provides ICT services exclusively to its public sector members at cost. Its activities are concentrated on software development, ICT staffing, infrastructure, hosting, storage, networking, monitoring, and shared G Cloud services for Belgian public institutions, especially in social security and healthcare. Public company materials state that more than 300 public institutions rely on Smals, that the organization had more than 2,200 employees in 2024, and that it plays an active role in Belgium’s G Cloud shared services framework for government infrastructure and applications.

⚙️ Facility Highlights

Data Center Footprint:

Smals publicly states in its 2023 activity report that it operates three data centers in the Brussels region. According to that report, the footprint consists of two primary data centers with a combined net capacity of about 2,000 m², plus a third data center with about 170 m² and more than 40 racks, positioned mainly for business continuity. Smals also states that its data centers form part of a broader G Cloud ecosystem involving other Belgian state managed data centers.

Smals’ older official data center brochure and infrastructure pages also describe multiple sites, including two physical locations with redundancy and fail over, and position the platform for public sector organizations that need secure shared infrastructure, lower operating costs, and continuity oriented hosting. A 2013 brochure identifies computer room capacity of roughly 1,100 m² in Anderlecht and 950 m² in Brussels, which aligns directionally with Smals’ later public statements about a multi site Brussels region footprint, though the latest annual report is the stronger source for the current high level footprint.

Facility Design & Infrastructure:

Smals describes its data centers as being built or renovated to current high standards and designed to host member institutions’ ICT infrastructure securely, with permanent management and protection against unavailability. The 2023 activity report states that the sites use 100 percent duplicated electrical infrastructure, multiple battery backup groups, diesel generators, 100 percent duplicated data network paths, and multiple telecom operators and physical access paths. Smals also states that it operates its own fiber optic connections between data centers so member institutions can distribute and synchronize systems across sites.

Official infrastructure pages and brochures further describe housing, hosting, storage, offsite backup, monitoring, outsourcing, and business continuity capabilities. Smals states that members can either place their own equipment in the data center or use Smals equipment and services. Public storage materials also state that storage systems are deployed in two Smals data centers with fast, redundant interconnections, and that the platform supports mirrored online storage, Virtual Tape Library backup, and service tiers such as Gold and Silver based on redundancy and site separation.

Service Portfolio Overview:

Smals publicly documents a broad infrastructure portfolio including housing, hosting, connectivity, monitoring, outsourcing, offsite backup, business continuity, storage services, application support, and 24x7 operations. In the wider G Cloud program, the 2023 activity report also references services such as Backup as a Service, Datacenter as a Service, Infrastructure as a Service Hypervisor as a Service, Storage as a Service, IT Service Management, and shared security and integration services. Smals also states that some services are provided in collaboration with private sector partners within the G Cloud framework.

🔐 Security & Compliance

Infrastructure Resilience:

Smals’ official infrastructure materials emphasize redundancy, fail over, business continuity, and high availability. The multi site data center page states that the platform includes two physical locations with redundancy and fail over, redundant power network and cabling, emergency power, fire and water protection, and monitored operations governed by formal procedures. The 2023 activity report adds that the third data center is specifically oriented toward continuity of operations, and that Smals also operates a high availability infrastructure for highly critical services using duplicated hardware components, physically separated sites, and availability zones.

Smals also states that its monitoring environment can automatically trigger business continuity procedures for certain critical applications, and that reliable monitoring information is maintained even if serious problems affect the primary data centers. This supports a strong resilience posture for public sector workloads, although I did not find a public statement using commercial retail data center labels such as Tier III or an Uptime Institute certification reference for Smals’ own facilities.

Physical & Logical Security:

Smals publicly states that its infrastructure includes limited and controlled access, 24x24 and 7x7 monitoring, separate workspaces, network security, and protected media storage. The 2023 activity report adds that physical security includes continuous access control by cameras and on site security staff, air conditioning, and high quality fire detection and suppression systems that are not harmful to IT equipment.

On the logical side, Smals states that hosting includes antimalware systems, firewalls, intrusion detection, load balancing, user access management, full and incremental backup, and monitoring with incident handling. The activity report also describes Privileged Access Management using CyberArk, a dedicated Cybersecurity Operations capability, a Cybersecurity Incident Response Team, and infrastructure surveillance on a 24 hours a day, 7 days a week basis.

Compliance & Standards:

Smals publicly states that it uses the ITIL framework for organizing ICT services, including incident, problem, change, release, configuration, capacity, continuity, and service level management. Its 2023 activity report also says cybersecurity initiatives are based in part on ISO 27001 and the Cybersecurity Capability Maturity Model (C2M2).

For archival services in the G Cloud portfolio, the same report states that the selected method is based on ISO 20652. However, I did not find a public source in the material reviewed stating that Smals’ own data centers are formally certified to standards such as ISO 27001, ISO 9001, SOC 2, or PCI DSS as facility certifications. Those should therefore be treated conservatively as Not publicly listed for this directory entry.

🌐 Connectivity & Carrier Access

Carrier Neutrality:

Smals publicly states that its data centers have telecom connections with the main providers, and its hosting and connectivity materials note that Smals can connect members directly to the Extranet of Social Security or to other operators. The 2023 activity report further states that the data network is 100 percent duplicated and accessible through multiple telecom operators and physical access routes.

That said, I did not find a clear public statement where Smals markets its facilities using the explicit commercial term carrier neutral in the same way a retail colocation provider would. Accordingly, carrier neutrality should be treated as Not publicly listed.

Network Capabilities:

Smals operates significant network infrastructure for its public sector members. Its information networks page describes a shared Extranet and communications infrastructure built with strong security controls, while older and newer infrastructure materials state that the data centers are connected via Smals owned fiber, linked to the Extranet of Social Security, FedMAN, and Belnet, and reachable through multiple telecom providers. Smals also states that it can provide the required bandwidth for both internal and external traffic.

Within the G Cloud portfolio, the 2023 activity report also describes IAP internet access protection, API Gateway, and shared connectivity and infrastructure services. Even so, I did not find public evidence for some retail network service labels such as MPLS, SD WAN, wavelength, or dark fiber as separately marketed Smals products.

Connectivity Use Cases:

The strongest documented use cases are for Belgian public institutions needing secure, shared, and cost efficient hosting and infrastructure, including social security, healthcare, and broader government workloads. Public materials support use cases such as multi site hosting, business continuity, offsite backup, managed hosting, secure public sector interconnection, and access to other G Cloud shared services.

Smals also positions its connectivity model for institutions that want to consolidate their own data rooms into a more resilient environment while staying connected to the Belgian public sector network ecosystem.

💼 Who It Serves

Smals serves Belgian public sector organizations only. The company states that its activities are directed exclusively at government organizations that are members of the association, with particular focus on social security and healthcare, while also supporting broader public institutions where shared services and economies of scale are beneficial. Public site materials state that more than 300 public institutions rely on Smals.

Its infrastructure, hosting, and G Cloud services are therefore best understood as public sector shared services for institutions that need secure hosting, application support, storage, monitoring, continuity, and common digital government platforms rather than as a general market commercial provider serving private enterprises.