Royal Decree 3/2010 of 8th January sets out the security policy that applies to the use of electronic media. Spain’s National Security Scheme (ENS) is made up of a set of basic principles and minimum standards that aim to ensure the adequate protection of information. These basic principles and requirements apply to the in-house systems used by public bodies as well as to those used by their private-sector providers. Both must be certified as ENS-compliant by November 2017.
The objectives of the ENS are as follows:
- To foster the conditions required for the secure use of electronic media
- To set out a policy on the secure use of electronic media
- To introduce a set of common practices that provide a framework for the actions taken by public bodies and their providers in the field of IT security
- To develop a common language so as to facilitate interaction between public bodies as well as the communication of IT-security requirements to industry
- To provide a uniform approach to security
- To facilitate an ongoing focus on security
Benefits:
- Proves the organisation’s commitment to and compliance with national security standards to providers and clients alike
- Opens up the possibility of becoming a service provider to the Spanish public sector
- Acts as a deterrent by demonstrating to the outside world that the systems of the company or public body are adequately protected
- Provides certification that is entirely compatible with and complementary to international IT-security-system standards for industry (such as ISO 27001)
- Actively involves all departments across a company or public body, increasing employee awareness of and participation in issues related to security-system culture and compliance