Public sector bodies and their private IT providers are required to certify their ENS (National Security Framework) conformity by November 2017.
CCN-CERT, part of Spain’s National Cryptologic Centre, already names Applus+ on its list of accredited and soon-to-be-accredited certification bodies for ENS certification and the certification of systems classified to DL (limited diffusion) grade or equivalent.
Spanish Royal Decree 3/2010 sets out that the systems of public sector organisations and their private sector IT suppliers and service providers must be ENS-certified by November 2017.
An ENS certificate of conformity may only be issued by a certification body accredited to the UNE-EN ISO/IEC 17065:2012 standard by ENAC, Spain’s national accreditation agency.
IT systems covered by this royal decree are legally subject to a periodic audit, at least once every two years, to check compliance with ENS requirements.
There are two levels of audit:
- BASIC: This level simply involves a self-evaluation carried out by the personnel in charge of the IT system and results in a “Declaration of ENS Conformity”. No external audit is required.
- INTERMEDIATE/HIGH: The auditor’s report determines the level of compliance with the royal decree, identifies any deficiencies, suggests any corrective or additional measures that may be necessary and provides recommendations as appropriate. This audit must be carried out every two years and results in a “Certificate of ENS Conformity”.
For further information, please contact email@example.com.