Skip to content
CertENS
ES
ENS consultancy · RD 311/2022

Achieve ENS certification without losing business focus

We implement the Spanish National Security Scheme, prepare your audit and escort you to certification with an ENAC-accredited body. Basic, Medium or High.

Request free assessment See process
+120
ENS projects delivered
100%
First-time certification rate
<90d
Avg. time Basic → certified

Aligned with the official framework

RD 311/2022 CCN-STIC 809 ENAC CCN-CERT MAGERIT v3 ISO/IEC 27001
What we do

Services

One team covers the full ENS lifecycle: assessment, implementation, documentation, training and audit.

ENS implementation

Gap analysis, system categorisation (Annex I) and rollout of all 73 Annex II controls, with CCN-STIC-aligned policies and procedures.

See details

Audit escort

Internal pre-audit, evidence preparation and on-site support during the ENAC-accredited certification audit.

See details

ENS documentation

Security policy, SoA, Risk Analysis (MAGERIT/PILAR) and STIC procedures ready to submit as evidence.

See details

Training & maintenance

ENS best-practice training for staff and ongoing support for continual improvement, annual monitoring and biennial recertification.

See details
How we work

Our process

A method proven across 120+ projects. Transparent, measurable and surprise-free by the time the auditor arrives.

  1. Assessment

    Interviews with IT, legal and security leads. Asset inventory and gap analysis against Annex II. Output: report with proposed category and plan.

  2. Adaptation plan

    Controls prioritised by ENS category, milestones, owners and schedule. Approved by the Security Committee.

  3. Implementation

    Rollout of technical and organisational controls. Drafting of policies, procedures and STIC. Risk analysis in PILAR.

  4. Pre-audit

    We simulate the certification audit with one of our external auditors. Non-conformities are closed before the real visit.

  5. Audit and maintenance

    We attend the ENAC-accredited audit with you. After certification, ongoing monitoring and biennial recertification prep.

Why us

Why CertENS?

100% ENS focus

We are not an ISO shop doing ENS on the side. ENS (and adjacent frameworks like NIS2 or ISO 27001) is all we do.

No forever-consulting

Concrete deliverables per milestone, closed fees and realistic timelines. Our quote is what you pay.

Auditors and lawyers

Mixed team: CISA auditors, CCN-certified implementers and lawyers specialising in public sector and data protection.

Real handover

We train your team so, after certification, you can sustain the system without depending on us.

Blog

Latest posts

Practical articles on ENS implementation, audit and evolution.

See all articles
News

ENS 2026: trends and expected updates

What's changing in ENS in 2026: NIS2 consolidation, AI Act integration, evolution of the CCN catalogue, and reinforced supply-chain expectations.

6 min
News

ENS and NIS2: how both regulations fit together in 2025

Practical mapping of ENS and NIS2 for Spanish organisations facing both: overlaps, specific NIS2-only requirements and an integrated compliance approach.

7 min
Use cases

Public-sector providers: why you need ENS to win tenders

How the ENS has become a de facto requirement for providers bidding on Spanish public-sector contracts — what's mandatory, what's practical and how to get certified in time.

6 min
FAQ

Frequently asked questions

What is the Spanish National Security Scheme (ENS) and who must comply?
The ENS (governed by Royal Decree 311/2022) is the mandatory information-security framework for the Spanish public sector and for providers delivering services to it. It applies to all levels of the public administration and to suppliers handling public-sector information or services.
How long does an ENS certification take?
For Basic, 2-3 months from assessment to audit. For Medium, 4-6 months. For High, 6-9 months. Timelines depend on the starting state and the client team's availability.
Is certification mandatory, or is a Declaration of Conformity enough?
It depends on the category: Basic only requires a Declaration of Conformity; Medium and High require formal Certification by an ENAC-accredited body.
Who performs the certification audit?
A certification body accredited by ENAC (the Spanish national accreditation entity) under the ENS certification scheme. We attend the audit with you, present evidence and handle any non-conformities.
What is the difference between ENS Basic, Medium and High?
Categories are determined by the maximum impact across five security dimensions (confidentiality, integrity, traceability, authenticity, availability) following Annex I of RD 311/2022.
Can I reuse my ISO 27001 to get ENS certified?
Partially. Many controls overlap, but ENS has specific requirements (Annex II catalogue, CCN-STIC measures). We can cross-map them to minimise effort.
How much does ENS certification cost?
It depends on category, size and starting security posture. Our initial assessment gives you a fixed-price proposal.
Does ENS certification need to be renewed?
Yes. The certificate is valid for 2 years, with an annual surveillance audit. Our maintenance contract prepares you for every renewal cycle.

Ready to get ENS certified?

Free, no-commitment initial assessment. We reply within 24 business hours.

Request assessment info@certificacionens.eu