Skip to content
CertENS
ES
Service · Implementation

ENS implementation

From paper to auditable evidence

End-to-end rollout of the Spanish National Security Scheme: asset inventory, system categorisation, deployment of Annex II technical and organisational controls, and drafting of every policy needed to pass the certification audit on the first attempt.

Request free assessment

For any ENS category (Basic, Medium or High)

What's included

Scope, deliverables and timeline are fixed upfront. No surprise costs.

  • Kick-off and interviews with IT, HR, legal and business owners
  • Asset inventory and scope of the system
  • Categorisation under Annex I (5 dimensions)
  • PILAR-based risk analysis (MAGERIT v3)
  • Deployment of technical controls (encryption, access, monitoring, hardening)
  • Deployment of organisational controls (committees, roles, procedures)
  • Security Policy and user regulations
  • Statement of Applicability with per-control justification
  • Documented change management
  • Handover and training of the internal team

Deliverables

Everything delivered in editable format. If tomorrow you change providers, your work stays with you.

  • Categorisation report
  • Risk analysis export (PILAR / Excel)
  • Security Policy signed off by top management
  • Statement of Applicability (SoA)
  • STIC procedures: incidents, access, continuity, logging…
  • Adaptation plan with milestones and owners
  • Evidence checklist ready for the auditor
FAQ

FAQ for this service

Which comes first: implementation or documentation?
They go hand in hand. As each control is implemented, we generate the corresponding evidence and procedure, so documentation faithfully reflects what's really in place.
Do I need to buy PILAR for the risk analysis?
PILAR is free for the public sector and applicable to most environments. If it doesn't fit, we can run the analysis with an equivalent MAGERIT v3 template.
How much internal time will you need from my team?
It depends on the category. For Basic, 4-6 weekly hours from the IT lead. For Medium, 8-10. For High, one partially-dedicated person.
Do you work with cloud (AWS, Azure, GCP)?
Yes. Most of our projects include public cloud. We leverage frameworks like CCN-STIC 823 (cloud-service use) to simplify the work.

Other services

Audit escort

Internal pre-audit, evidence preparation and on-site support during the ENAC-accredited certification audit.

See details →

ENS documentation

Security policy, SoA, Risk Analysis (MAGERIT/PILAR) and STIC procedures ready to submit as evidence.

See details →

Training & maintenance

ENS best-practice training for staff and ongoing support for continual improvement, annual monitoring and biennial recertification.

See details →

Ready to get ENS certified?

Free, no-commitment initial assessment. We reply within 24 business hours.

Request assessment info@certificacionens.eu