In an increasingly interconnected digital world, information security has become a priority for both public and private organizations providing services to the Public Sector in Spain. In this context, the National Security Scheme – Esquema Nacional de Seguridad (ENS) is established as the regulation to comply with to ensure the adequate protection of information assets (confidential data, intellectual property, financial records, customer information, information about products or services).
What is the National Security Scheme?
The National Security Scheme (ENS) has evolved since its regulation by Royal Decree 3/2010, of January 8, with subsequent modifications in 2015, until its current regulation by Royal Decree 311/2022 in the field of Electronic Administration.
The Royal Decree 311/2022 has carried out an update of the National Security Scheme (ENS) with several objectives:
* Firstly, the aim is to align the NSS with the current regulatory framework and strategic context to ensure security in Digital Administration. This involves clarifying the scope of the NSS and updating the current legal references to simplify and harmonize its guidelines.
* Secondly, the capability to adapt the requirements of the NSS has been introduced to adjust to the specific reality of certain groups or types of systems, considering similar risks to those exposed by such information systems.
* Lastly, efforts have been made to enhance protection against cybersecurity trends by reviewing fundamental principles, minimum requirements, and security measures that must be implemented by entities subject to the ENS.
Fundamental principles of the ENS
* Proportionality: Security measures must be proportional to the identified risks and the assets being protected.
* Flexibility: The ENS must adapt to the specific needs of each entity, allowing the implementation of measures appropriate to its context and size.
* Cross-cutting: Information security must be integrated into all activities and processes of organizations.
* The ENS aims to ensure efficiency in information security management, avoiding duplications and optimizing resources.
Main objectives of the ENS
* Establish a common reference framework for information security management in the public sector.
* Protect information assets against internal and external threats.
* Promote trust in the digital services offered by public administrations.
* Comply with legislation and regulations regarding information security.
The scope of the National Security Scheme encompasses all entities of the Public Sector as established in Article 2 of Law 40/2015, as well as systems handling classified information, subject to the provisions of Law 9/1968, of April 5, on Official Secrets. Additionally, it also includes information systems of entities in the private sector that provide services or solutions to public sector entities for the exercise of their competencies and administrative powers.
Information security is an evolving challenge, and it is crucial that the ENS remains updated in a constantly changing digital environment.
In this regard, we are pleased to announce that we have renewed our ENS for an additional two years under the MEDIUM categorization:
Certification of compliance with the National Security Scheme – MEDIUM
The renewal of the National Security Scheme (ENS) is not only a requirement for working with public administrations but also a demonstration of our ongoing commitment to information protection and adaptation to new threats and challenges in the field of cybersecurity.
By renewing our ENS, we ensure that the security measures at SaveTheProof are aligned with the latest best practices and standards in the field of information security.
During the ENS renewal process, we conducted a thorough review of our policies, procedures, and security controls, including:
* Updating the risk assessment to identify new threats and vulnerabilities.
* Reviewing and updating technical and organizational security measures.
* Continuous training of personnel on information security topics.
* Internal audits to verify compliance with the requirements of the ENS.
For SaveTheProof, the renewal of the National Security Scheme (NSS) is a crucial step in our journey towards excellence in information security. By staying updated and adapting to changes in the cybersecurity landscape, we can effectively protect our information assets and ensure the trust and security of our digital services.
If you have any doubts or inquiries about our ENS, please contact us via chat or email us at: [email protected]