More and more companies are choosing to be certified in the National Security Scheme (ENS), but not all succeed, this regulation has become a benchmark in the management of information security in the Spanish public sector. The certification in the ENS allows companies to demonstrate that they comply with the requirements and security measures established by the regulations, which generates greater confidence and reliability in the management of the information they handle. In this article we announce which Tecsens certified in the ENS and what it entails.

What is the ENS?

The National Security Scheme (ENS) is a set of measures and requirements that guarantee the security of the information handled by Spanish public administrations.

Included in Royal Decree 3/2010 it was established for the first time in 2007 and updated in 2019. The regulations establish that all public entities that handle information must comply with the requirements set. Created under the clear need to establish common methodologies for the implementation and use of electronic media in the public sphere in this way generate trust among citizens.

Objectives of the ENS

The objective of the ENS is to provide a common frame of reference for information security throughout the Spanish public sector, establish the principles that regulate and ensure access, integrity, availability and veracity of information used in electronic media in or related to Public Administrations (state, regional and local). This allows greater efficiency and effectiveness in the management of information security.

The ENS has multiple objectives including:

Establish a common framework for information security

This allows greater efficiency and effectiveness in information security management, by providing a common basis for risk management and the implementation of security measures.

Ensure the confidentiality, integrity and availability of information

This is achieved by implementing technical, organizational and legal security measures, which ensure that information is adequately protected at all times.

Ensure interoperability and trust in the exchange of information between Spanish public entities

This is achieved by defining common standards and requirements for information security, allowing for greater compatibility and reliability in the exchange of information.

Scopes of application of the ENS

The scope of the ENS is very broad. They apply to all Spanish public entities, from the central administration of the State to local entities, through autonomous bodies, universities, hospitals and other health centers, among others.

In addition, the ENS also applies to information and communication technology (ICT) service providers working for the public sector, as is our case.

Categories of systems in the ENS

1. HIGH Category

Information security risks can cause catastrophic harm.

2. MEDIA Category

Information security risks can cause serious harm if there are none of a higher level.

3. LOW Category

Information security risks do not outweigh the cause of limited harm and none of a serious or higher level exist.

Each information system may be treated independently in terms of information security measures according to its category.