Spanish National Security Scheme (ENS)
The National Security Scheme (ENS) acts as a digital shield, protecting information within the scope of Electronic Administration.
Its main objective is to guarantee the security of personal and confidential data that is exchanged through different online channels, strengthening trust in digital public management.
How does the ENS work?
The ENS establishes a series of security measures that must be implemented by all public entities that offer electronic services. These measures cover different aspects:
- Confidentiality: Information should only be available to authorized persons.
- Integrity: Information should be free from unauthorized modifications and/or errors.
- Traceability: Tracking of unauthorized access to information.
- Availability: Information should be accessible when needed.
- Authenticity: Ensuring that the person who has access is who they claim to be.
The National Security Scheme is a fundamental tool to guarantee the security of citizens’ information in the digital sphere. Its application is key to building a secure and reliable Electronic Administration.
Who should have the National Security Scheme (ENS) certification?
All entities that manage information of the Spanish Public Administration, both public and private, must obtain the ENS certification.
This includes:
- Spanish Public Administrations
- Public law entities (Hospitals, Universities, etc.)
- Private companies that provide services to the Public Administration
What does obtaining the ENS certification mean for companies?
Comply with the law
These companies meet the requirements of current information security legislation
Bigger Trust
They build trust in Public Administrations and private companies regarding the security of their IT services.
More Opportunities
They increase their chances of accessing contracts with the Public Administration
Benefits of internal operation
Increased team awareness, greater commitment of the organization to security and continuous improvement.
ENS Levels
CATEGORY |
EVALUATION PROCESS |
DECLARATION OF CONFORMITY |
NUMBER OF CONTROLS |
Basic |
Self-assessment | Declaration of Conformity | 52 |
Medium |
Formal Audit | Formal Audit | 68 |
High |
Formal Audit | Formal Audit | 73 |
How can we help you achieve your certification?
We support you in the implementation of robust technical measures to protect your organization against digital threats and guide you on the path to compliance with the National Security Framework (ENS) standards.
Phases of our consulting service for the implementation of the ENS:
✅ Baseline Analysis: We determine the scope of the project and the ENS level.
✅ GAP Analysis and Implementation Plan: We identify gaps between the current state and the desired state and develop a plan to close those gaps.
✅ Definition and Development of Required Documentation: We define and develop the documentation required for ENS compliance, such as security policies, procedures, and guidelines.
✅ Implementation of Controls and Evidence Collection: We implement the security controls required for ENS compliance and collect evidence of implementation.
Certificaciones
ISO 9001
ISO/IEC 27001
ENS-nivel medio
ISO 20000
UNE-EN ISO/IEC 17025
Síguenos
Aviso Legal | Política de Cookies | Contacto
© 2024 Software Quality Systems S.A. | SQS is a member company of Innovalia