Spanish National Security Scheme (ENS)

The National Security Scheme (ENS) acts as a digital shield, protecting information within the scope of Electronic Administration.

Its main objective is to guarantee the security of personal and confidential data that is exchanged through different online channels, strengthening trust in digital public management.

How does the ENS work?

The ENS establishes a series of security measures that must be implemented by all public entities that offer electronic services. These measures cover different aspects:

  • Confidentiality: Information should only be available to authorized persons.
  • Integrity: Information should be free from unauthorized modifications and/or errors.
  • Traceability: Tracking of unauthorized access to information.
  • Availability: Information should be accessible when needed.
  • Authenticity: Ensuring that the person who has access is who they claim to be.

The National Security Scheme is a fundamental tool to guarantee the security of citizens’ information in the digital sphere. Its application is key to building a secure and reliable Electronic Administration.

Who should have the National Security Scheme (ENS) certification?

All entities that manage information of the Spanish Public Administration, both public and private, must obtain the ENS certification.

This includes:

  • Spanish Public Administrations
  • Public law entities (Hospitals, Universities, etc.)
  • Private companies that provide services to the Public Administration

What does obtaining the ENS certification mean for companies?

Comply with the law

These companies meet the requirements of current information security legislation

Bigger Trust

They build trust in Public Administrations and private companies regarding the security of their IT services.

More Opportunities

They increase their chances of accessing contracts with the Public Administration

Benefits of internal operation

Increased team awareness, greater commitment of the organization to security and continuous improvement.

 ENS Levels

CATEGORY

EVALUATION PROCESS

DECLARATION OF CONFORMITY 

NUMBER OF CONTROLS

Basic
Self-assessment Declaration of Conformity 52
Medium
Formal Audit Formal Audit 68
High
Formal Audit Formal Audit 73

How can we help you achieve your certification?

We support you in the implementation of robust technical measures to protect your organization against digital threats and guide you on the path to compliance with the National Security Framework (ENS) standards.

Phases of our consulting service for the implementation of the ENS:

✅ Baseline Analysis: We determine the scope of the project and the ENS level.

✅ GAP Analysis and Implementation Plan: We identify gaps between the current state and the desired state and develop a plan to close those gaps.

✅ Definition and Development of Required Documentation: We define and develop the documentation required for ENS compliance, such as security policies, procedures, and guidelines.

✅ Implementation of Controls and Evidence Collection: We implement the security controls required for ENS compliance and collect evidence of implementation.

ISO 9001

ISO/IEC 27001

ENS-medium level

ISO 20000

UNE-EN ISO/IEC 17025

Approved IDS Evaluation Facility

Suscríbete a nuestra newsletter
Síguenos

Aviso Legal | Política de Cookies | Contacto
© 2024 Software Quality Systems S.A. | SQS is a member company of Innovalia