Become compliant with Qalea

ENS: Esquema Nacional de Seguridad

Spain’s security requirement for public contractors.

BOOK A DEMO

ENS from zero to audit, with Qalea.

Get in touch with Qalea expert who will listen and learn about your business needs.

esquema nacional de seguridad - qalea
  • Talk to an expert
  • Discover the platform

Book A Demo

Leave us your data and we will get in contact with you shortly.




    The necessary certification to work with the Spanish Administration

    Get compliant today with the certification required to become a public contractor in Spain.

    What is it?

    The regulation (RD 311/2022) that establishes the minimum information security requirements to work with Spain's Government.

    Link to RD 311/2022

    Who needs it?

    Any company that wants to participate in tenders concerning IT services, or other technology-relevant services.

    How to get it?

    A certified audit firm will check every 2 years how your organization complies with the requirements in the law.

    List of certified auditors

    ENS has different levels. Do you know which one you need?

    The Spanish Government has defined three levels of implementation: you should decide first which one you need.

    If you are applying to a public tender, we recommend you to check the tender provisions to find out the required level.

    Basic level is applied when an incident in IT systems and data would have a limited impact.

    Main measures to be implemented are:

    • The minimum protection measures to react against common threats, such as virus and malware.
    • Access control for employees, when accessing to company’s systems and information.

    Mid level is applied when an incident would have a significant impact, but essential services wouldn’t be compromised.

    Among others, here are the main measures to be implemented:

    • Protection measures against sophisticated threats, such as data leakage or denial of service attacks.
    • Authentication control, to grant only the specifically authorized personnel can access information and systems.
    • Continuous monitoring of systems and recurrent audits to ensure proper incident response.
    • Protection of communications and data, both in transit and at rest.

    High level is applied when an incident would have critical impact, involving loss of classified information or disruption in essential services that could compromise state security.

    Requirements are much more demanding, with emphasis on:

    • Advanced encryption measures.
    • Highly restrictive access control measures.
    • A highly robust incident response procedure, to allow business continuity in case of an attack.
    HOW IT WORKS

    From zero to certification step by step.

    Qalea guides you through the process of getting certified in ENS. In just a few months.

    Assess the organization

    One Qalea expert takes a deep look into your organization processes and technology.

    STEP 1
    Company Adecuation

    As per the previous assessment, we deploy the exact processes and tech you need to cover the gaps with ENS.

    STEP 2
    Preliminary Audit

    Prior to the certification audit, an expert performs an internal audit to find any gaps before the final audit.

    STEP 3
    Audit

    A certified body will audit your organization to prove you comply with ENS, with the assistance of Qalea.

    STEP 4
    With All-In-One on it

    What elements do I need to get ready for audit?

    ENS isn't just paperwork. We have all you need to adecuate your company for audit, with a single platform.

    Protection Tech

    ENS requires an extensive set of cyber protection tools to protect users, infrastructure and other assets. Qalea platform has the exact technology stack for your certification.
    Learn more

    Procedures

    Your organization's policies and procedures must be adapted to the ENS requirements. Our platform has all templates, so you don't have to start from scratch.
    Learn more

    Trained People

    In the audit, you must prove that all personnel, from employees to directors, are familiar with the information security measures. Qalea can train your personnel and support you during audits.
    Talk to us
    THE ALL-IN-ONE PLATFORM

    Automate everything. Eliminate 80% of the work.

    Qalea takes care of your compliance, you grow your business.

    0 hours

    Cyber safe, in autopilot.

    0 %

    Less work of your IT team.

    0 %

    Audit Success.

    DISCOVER THE PLATFORM

    Automate compliance with Qalea

    Do you know how much you really spend on complying with a standard? With Qalea, your team can focus on their daily business. 

    Book A Demo
    CUSTOMER STORIES

    Learn how this process was in other companies like yours.

    Find out how our customers solved their certification challenges with our help.

    “Qalea manages the security of our company while we focus in our core business. In this way, we are compliant with applicable regulations of our industry without internal resources”.

    Ignasi Vilajosana CEO of Worldsensing

    “So far, Qalea has successfully deployed all the necessary technologies and processes so we are compliant. Without any hidden or extra costs. Qalea did their job, while our tech team didn’t get distracted from their role: building product.”

    Joaquín M. Fernández COO of Build38
    START TODAY

    Get protected and build trust. Easy, with Qalea

    We handle your cybersecurity and help you prove it with standards. You focus on your business.