Spanish National Security Scheme (ENS) implementation and audit

The National Security Scheme (ENS) acts as a digital shield, protecting information within the scope of Electronic Administration.

Its main objective is to guarantee the security of personal and confidential data that is exchanged through different online channels, strengthening trust in digital public management.

Contact us

ENS Webinar September 25th, online from 12:00 to 13:00 pm (Spanish time)

What is the National Security Framework (ENS)?

The National Security Framework, applicable to the entire Public Sector, as well as to suppliers that collaborate with the Administration, offers a common framework of basic principles, requirements and security measures for the adequate protection of the information processed and the services provided, with the aim of ensuring access, confidentiality, integrity, traceability, authenticity, availability and conservation of the data, information and services used by electronic means that they manage in the exercise of their competences. Since its first development in 2010, it has been in constant evolution with notable modifications in 2015 and its last update in 2022 (Royal Decree 311/2022).

Join next webinar

How can we help you achieve your certification?

We support you in the implementation of robust technical measures to protect your organization against digital threats and guide you on the path to compliance with the National Security Framework (ENS) standards.

Phases of our consulting service for the implementation of the ENS:

✅ Baseline Analysis: We determine the scope of the project and the ENS level.

✅ GAP Analysis and Implementation Plan: We identify gaps between the current state and the desired state and develop a plan to close those gaps.

✅ Definition and Development of Required Documentation: We define and develop the documentation required for ENS compliance, such as security policies, procedures, and guidelines.

✅ Implementation of Controls and Evidence Collection: We implement the security controls required for ENS compliance and collect evidence of implementation.

Does your company comply with the ENS?

What does obtaining the ENS certification mean for companies?



Comply with the law

These companies meet the requirements of current information security legislation



Bigger Trust

They build trust in Public Administrations and private companies regarding the security of their IT services.



More Opportunities

They increase their chances of accessing contracts with the Public Administration



Benefits of internal operation

Increased team awareness, greater commitment of the organization to security and continuous improvement.

ENS Levels

CATEGORY	EVALUATION PROCESS	DECLARATION OF CONFORMITY	NUMBER OF CONTROLS
Basic	Self-assessment	Declaration of Conformity	52
Medium	Formal Audit	Formal Audit	68
High	Formal Audit	Formal Audit	73

How does the ENS work?

The ENS establishes a series of security measures that must be implemented by all public entities that offer electronic services. These measures cover different aspects:

Confidentiality: Information should only be available to authorized persons.
Integrity: Information should be free from unauthorized modifications and/or errors.
Traceability: Tracking of unauthorized access to information.
Availability: Information should be accessible when needed.
Authenticity: Ensuring that the person who has access is who they claim to be.

The National Security Scheme is a fundamental tool to guarantee the security of citizens’ information in the digital sphere. Its application is key to building a secure and reliable Electronic Administration.