What is the national security scheme and what does it bring to your company?
In the field of Spanish eGovernment, the purpose of the national security scheme is to establish the security policy in the use of electronic means and consists of basic principles and minimum requirements that allow a adequate protection of information. Adequacy implies compliance with Royal Decree 3/2010, of 8 January (BOE of 29 January), which regulates the National Security Scheme in the field of electronic administration, regulates the aforementioned Scheme provided for in Article 42 of Law 11/2007 , of 22 June, of citizens’ electronic access to Public Services.
''We help you in your adequacy plan and in the effective implementation of the ENS''
Discover our ENS software
The National Security Scheme is more than just a risk analysis and it doesn’t have to be complicated. Thanks to our Software national scheme GlobalSUITE® and its support system this project is a simple task. The perfect software to suit your organization.
Risk Analysis and Management
It allows to identify, analyze, evaluate and manage all risks that affect the company. Special module to parameterize methodologies, calculations, levels, etc.
Parameterization of probability and impact, risk assessment, cost analysis, asset threats and configurable.
Definition of acceptable risk, acceptable risk levels, risk listing, risk map, simultaneous or dependent risks.
Catalogue of configurable controls and summary of them, management settings, risk reassessment, parameterizable questionnaires.
It allows to manage the proposal of indicators, Differential Analysis, Declaration of Applicability, capacity management, management of changes and acquisitions, etc.
Document Manager with document life-cycle embedded
It allows the control of all documentation, in different formats and with version control, to support the integral management of the security of your organization.
Historical of availability, capacity and training plans and allocation of metrics for tracking.
Declaration of Applicability
The platform enables the creation and management of the Declaration of Applicability (SOA), as well as its alignment with risk management.
Dashboards enabling a comprehensive organizational management and strategic control through metrics, indicators and KPIs
Declaration of Applicability
The platform enables the generation of statistics of the state of the organization and its alignment with riskmanagement.
Consulting and Auditing the national security scheme
What does the adequacy of the national security scheme entail?
The purpose of the national security scheme is to create the necessary conditions for confidence in the use of electronic means, through measures to ensure the security of electronic systems, data, communications, and services, enabling the exercise of rights and fulfilling duties through these means. It seeks to support the confidence that information systems will provide their services and guard the information according to their functional specifications, without interruptions or out-of-control modifications and without the information being able to reach the knowledge of unauthorized persons.
Our team has more than 15 years of experience and is formed by:
- Lawyers and engineers
- Lead Auditor, ISO 27001, ISO 20000,ISO 22301, Lead Implementer.
- DPD Certification
- CISA, CISM, CGEIT, CRISC
- PMP, ITIL, CDPP, COBIT 5 Foundations
From our company we include the cycle of continuous improvement of the system that adopts the implementation model of the ISO 27001
The phases of the project for the implementation and subsequent certification of your SGSI are:
- Scope delimitation.
- Analysis and Risk Management.
- Declaration of Applicability.
- Policies and Procedures.
- Security Director Plan.
- Business Continuity Plan.
- Training Plan. Incident Management.
- Development of the SGSI. Internal Audit.
- Certification by accredited entity (if applicable).
Our role is to prepare your organization to implement the system in security. Once the system is achieved in your company it is your decision to certify or not. This work requires specialists with extensive organizational knowledge, information systems management and current information security technology. Without a doubt, to obtain the certification, the most economical, practical and fast option is to hire a specialized company to carry out this preparation.
implementation of the National Security Scheme in your organization has the following benefits:
- Legal compliance.
- Improved staff control across the organization.
- Improved incident and vulnerability management process.
- Continuous system improvement cycle
Adequacy is a basic element to compete in the market. The current interrelationship between the systems of different organizations means that concrete and adequate levels of security must be mutually required that with compliance with the ISO 27001 standard can be achieved.
The methodology used by GlobalSUITE, based on the experience of its consultants in the implementation of Information Security Management Systems, comprises the entire cycle of continuous improvement of the system and adopts the model of implementation of ISO 27001, already tested for more than 15 years of experience in implementation in all types of companies and public administrations, with the sole exception of including the categorisation of the system as one of the milestones to be fulfilled in the ‘PLAN’ phase.