Implementation of the National Security Scheme (ENS)
Implementation of the National Security Scheme (ENS)
The ENS (National Security Scheme) is a regulatory framework that establishes the basic principles and requirements to guarantee the security of information in the field of the Spanish Public Administration . It was created with the objective of protecting sensitive information and information systems from cyber threats, ensuring the confidentiality, integrity and availability of data.
The ENS establishes a series of security measures and controls that must be implemented by public sector bodies and entities, as well as by those providers that submit to public tenders linked to services that the administration provides to the citizen, including also the suppliers to whom part of said services may be subcontracted. These measures cover aspects such as access management, data protection, business continuity or incident management, among others.
compliance with the ENS is mandatory for all the aforementioned entities, and its application is supervised and regulated by the National Cryptological Center (CCN), which is the body in charge of ensuring the security of information in Spain.
From Zerolynx, within this service:
- We evaluate the degree of compliance and implementation of the different regulatory and technical requirements for Information Security, based on the legal standard National Security Scheme ENS in its Medium Category.
- We will specify the scope in the Information Systems that support the services you provide to your clients, supporting it on existing systems and processes.
- We prepare the Implementation Plan so that your Organization can achieve optimal compliance with its information security obligations, aligning with the established strategic objectives.
- We carry out the implementation of the ENS National Security Scheme, according to RD 311/2022.
- Your ENS will be ready for Certification by the entity accredited by ENAC that you wish to certify you.
- And, if you wish, at no added cost we will help you find the best certification entity that suits your needs.
What do we include in this service?
- The Adaptation Plan will be in accordance and will comply with everything indicated in RD 311/2022, including:
- Identification of the Organizational Structure and Internal Regulations.
- Review, adaptation and approval of the Security Policy.
- Identification of Services, Categorization of Systems.
- Preparation of the Documentary System.
- Review and adaptation of the Risk Analysis.
- Preparation of the provisional “Declaration of Applicability” of the measures in Annex II.
- Study of insufficiencies of the system.
- Security improvement plan .
- Preparation of the definitive “Declaration of Applicability” of the measures in Annex II.
- Internal Security Audit.
Service phases:
- Discovery: Data collection.
- Organizational structure.
Identification of processes common to all businesses.
Products and services.
Typology of information.
Information systems involved.
- Definition of Scope.
- Statement of applicability.
- Document map: policies, procedures, records.
- Risk Map.
- Resources involved: information assets.
- Internal Security Audit.
After contracting, a Zerolynx Project Manager will contact you to start the service as soon as possible. The work will be concluded in approximately 1 month.
This service is designed exclusively for SMEs with up to 50 employees. If you want to hire this service for larger companies, do not hesitate to contact our sales team from the contact form on our website.
More information about our ENS implementation service
Purchase the service from our virtual store and in less than 48 hours (working hours) one of our Project Managers will contact you to schedule the start of the work, which will take us approximately one week.