ENS Audit and Assessments; we are ready when you are! Call +1 (888) 896-7580 today.

Lazarus Alliance will coordinate directly with your organization to schedule your National Security Framework (ENS) assessment. Our assessors will help identify the level of the certification based on your company’s specific business requirements. Your company will be awarded certification at the appropriate ENS level upon demonstrating the appropriate capability and organizational maturity.

The National Security Framework is a mandatory law for companies in the public sector and their technology suppliers, which lays down the necessary conditions to guarantee trust in the use of electronic media. To this end, it establishes a series of measures that guarantee the security of the systems, data, communications, and electronic services, allowing the exercise of rights and the fulfillment of duties via these media.

The framework establishes the security policy for the use of electronic media and consists of basic principles and minimum requirements that allow adequate protection of information systems, services, and their information.

The National Security Scheme (ENS) is a regulatory and reference framework established in Spain based on Spanish legislation and European regulations related to information security to create the necessary conditions of trust in the use of electronic means through measures to guarantee the security of systems, data, communications, and electronic services, which allows the citizen and the public administration to exercise their rights and fulfill their duties through these media.

For ENS services that reduce costs and leverage the Continuum GRC audit software platform, call +1 (888) 896-7580 to get started.

Just the facts ...

You need to expand your business' cloud services into government markets while minimizing performance and operational risks. Accomplish this with our industry-leading, innovative, and cost-effective ENS services.

Benefits

The benefits of an ENS certification can be summarized as follows:

  • Independent verification that your organization’s information system conforms to the requirements of the internationally recognized and accepted ENS information security standard.
  • Meet the requirements of your customers who require verification of your conformance to ENS standards of practice.
  • Achieve cost savings by utilizing a centrally managed ENS-certified information system that can form the core of various compliance efforts, including NIST 800-53, HIPAA, EUCS, SOC 2, Sarbanes-Oxley, and more.
  • Identify risks to your corporation's information and minimize them.
  • Improve reputation and stakeholder confidence.
  • Increase in information security awareness.
  • Reduce staff-related information security breaches.
  • Stay up-to-date and comply with relevant legislation.

Scoping of the Information System

The ENS standard does not define a particular scope required for the information system; however, a critical component of the certification process is determining the scope of the review. The information system scope is determined by the organization itself and can include a specific application or service of the organization, or the organization as a whole.

The requirements of the standard, including the consideration of the control activities included within the ENS standard, are to be applied only to the scope of the information system under review once it is defined. When the official certification is issued, it will state specifically what the scope of the information system is.

Talk with one of our experts

Our Lazarus Alliance Cybervisor™ teams have experience performing thousands of assessments for organizations providing services to clients around the world.

We're here to answer any questions you may have.

 

ENS Certification Process

Assuming that you have not been certified to ENS before, the initial audit, certification, and maintenance process has several stages:

Initial Certification Review - Stage 1

The initial certification audit consists of two stages. The first stage, often performed onsite at the client location, consists of a policy and process review to determine the readiness of your information system framework to undergo the full audit in Stage 2 of the certification review. This review would include an inspection of all client documents required by the standard.

Initial Certification Review - Stage 2

The second stage of the initial certification audit includes in-depth testing to determine that the information system framework has been implemented appropriately and is monitored and maintained per the ENS standard requirements and internal policies and procedures. This stage is performed at the client location, or multiple locations if required by the scope of the information system. At the end of this second stage, Lazarus Alliance will determine whether it will issue ENS Certification to the client. There may also be gaps identified that will need to be addressed before certification can be provided.

Surveillance Audit Stage

ENS certification is valid for a two-year term, during which time surveillance audits are required to be completed at a minimum on an annual basis. During the surveillance audits, Lazarus Alliance will conduct a brief onsite review to determine if any significant or relevant changes have been made to the information system, as well as perform limited testing to confirm that the organization is continuing to follow the framework and controls identified in the original certification of the information system.

Re-Certification Stage

Before the expiry of the initial two-year certification term and in subsequent cycles, full re-certification audits will be performed by Lazarus Alliance, to ensure continuity of your certification. The scope of this review and audit will depend on the findings of the surveillance audits and information determined in Stage 1 of the re-certification review.

Audit Timing

The required time for the overall certification process is strongly dependent on the extent to which the organization's Management System is in conformance with the requirements of the ENS standard. Some organizations might be able to obtain certification within a few months of the beginning of the certification review, whereas other more complex organizations and systems may require up to a year to obtain certification.

Lazarus Alliance Certification Services

As an accredited Certification Body (CB), Lazarus Alliance cannot provide any professional consulting services to assist in the design, selection, or implementation of controls to meet the ENS requirements. We are, however, able to provide the following services in addition to full audit and certification:

ENS Certification Pre-Assessment

A formal Readiness Assessment is not a requirement of certification to the ENS Standard, but it can be helpful in assisting organizations in the process of getting properly prepared for initial certification. The intention of the assessment is to save the organization time and money by identifying deficiencies in its Information Security Management System (information system) before seeking Certification to the ENS Standard.

Many organizations have found this to be an important step in the process of preparing the organization for the formal Certification Audit.

In the pre-assessment, Lazarus Alliance will perform a high-level review of your intended scope, policies, procedures, and control processes to identify gaps in the conformity of your proposed information system to the ENS Standard. The assessment will provide a comparison between all requirements of the Standard and the processes, procedures, and controls you have in place for the design, implementation, operation, and maintenance of your information system. The result will be a report providing clarity on the deficiencies that will need to be addressed before a formal Certification Audit should be attempted.

Next Steps

For organizations considering an ENS certification, the following steps should be considered:

  • Please contact us to better understand the requirements and process for certification.
  • Obtain all applicable ENS series standards that best align with an organization's goals or needs, or utilize a reputable industry GRC solution, such as the Continuum GRC SaaS, which is the first and only FedRAMP Authorized assessment solution in the world.
  • Perform gap analyses either internally or utilizing our services outlined above.
  • Develop a plan for remediation, implementation, and certification.
  • Also, for additional information on Lazarus Alliance, please see our ENS business policy page.

ENS Certification Audits and Assessments; we are ready when you are! Call +1 (888) 896-7580 today.