Compliance · ENS

Esquema Nacional de Seguridad — security for the Spanish public administration.

Real Decreto 311/2022 is the Spanish regulatory framework for the security of information systems used by public administrations and their suppliers. It is structured around three security levels: básica, media, alta.

Context

Who it applies to

Spanish public administrations (state, autonomous community, and local) and service providers that handle information or manage systems for the Spanish public administration. Useful for Italian or other European suppliers wishing to enter the Spanish public market or extend an existing service to a Spanish public administration.

What the assessment covers

System classification

Determination of the security level (básica, media, alta) based on an analysis of the security dimensions: availability, authenticity, integrity, confidentiality, traceability.

Organizational framework

Security policy, internal regulations, procedures, organization and responsibilities.

Operational framework

Planning, access control, operations, external services, continuity, monitoring.

Protective measures

Protection of facilities, personnel management, systems, communications, information.

Audit and certification

Preparation for the certification audit conducted by certification entities recognized by the CCN.

Alignment with NIS2

Mapping to the European directive for entities operating under both frameworks.

Same method

Same methodology, applied to the specific regulation.

The methodology common to all certifications — the open-source platform, the documents delivered, the 0–5 maturity model, the work phases — is described once on the main Compliance page.

Facing a deadline under this regulation?

We start with a scoping exercise: classification of the organization, perimeter, responsible people, availability of existing evidence. The rest of the work is sized from there.
