The new National Security Scheme has been updated and improved under Royal Decree 311/2022, published on 4 May 2022. The new RD that regulates this scheme updates the previous RD 3/2010 (ENS) and its subsequent amendment RD 951/2015.
What is the National Security Scheme?
The National Security Scheme is the framework that provides the necessary and sufficient conditions to give citizens and businesses confidence in the use of government electronic media.
To this end, it establishes a series of measures that guarantee the security of electronic systems, data, communications and services, allowing the exercise of rights and the fulfilment of duties through these means.
The scheme establishes the security policy in the use of electronic media and consists of basic principles and minimum requirements that allow for adequate protection of information systems, services and information.
It is inspired by the ISO 27000 family of standards and, more specifically, by ISO 27001, so its structure and application follow the PDCA (continuous improvement cycle) model, based on risk analysis and the implementation of measures/controls.
Who does it apply to?
The National Security Scheme applies to both public and private entities. It is mandatory for public entities: local entities (City Councils), Regional Administrations and State Administrations (Ministries).
The new ENS represents an evolution that allows for adaptation to emerging technologies, and protects the information of both public administrations and private sector companies that provide services to them as part of the supply chain.
This will minimise the risk of security breaches, which are of increasing concern and are caused by, among other things, localised errors in organisations' critical systems. These can also lead to financial losses and, even worse, reputational losses.
The benefit of the scheme and its certification for organisations is a managed and controlled system with measures that ensure the correct protection of information systems against threats and incidents, both internal and external.
What are the main novelties?
With the new National Security Scheme, from now on, organisations implementing this new regulation will improve the way they manage their information systems.
This entails raising the information security awareness of all public administration employees, as well as of the companies providing services to public administrations, helping to reduce the security breaches that all too often occur.
It should be noted that from May all new implementations must be carried out under its umbrella. On the other hand, as of May 2024, the certificates obtained under RD 3/2010 will cease to be valid. Therefore, public or private entities that provide services to public entities have 24 months to certify the conformity of the Information Systems with the new ENS.
We help you to obtain the new National Security Scheme certification
At Bosonit we are prepared to help organisations adapt to the new National Security Scheme and obtain its certification, accompanying public entities in their implementation projects and audits of the National Security Scheme.
We have the expert profiles that will accompany you from start to finish, until the objectives set for obtaining the certification of the new ENS are achieved.