More than 50 ENAC accreditations providing guarantees for effective ICT control and security
Information has become one of companies’ main assets and protecting it is crucial for ensuring that company activities are not affected. Therefore, the International Information Security Day (ISD), every November 30, aims to raise awareness of the importance of protecting information through a series of security measures in its operating systems and environments and adopting good practices that favour protecting information.
An area in which assessment and control activities play a great role, as they help to guarantee the equipment and communication system’s safety, functionality, and operability; information security, confidentiality, integrity, and availability; and user protection. However, the value that these assessments can bring to companies depends on the good work and competence of the bodies that carry them out. The Spanish market already has more than 50 ENAC-accredited bodies, which have demonstrated their technical competence to assess products and services related to information security.
Among the examples of the ENAC-accredited activities, we find the information security management systems certification, testing and security certifications of products and information technology systems in accordance with standards such as Common Criteria or Lince that assess the ability of an ICT product to treat information securely, the certification of software development processes in SMEs or software quality testing.
It is also worth noting the growing importance of cybersecurity in most government agendas, since, at times, it can affect National Security. Therefore, EU Regulation 2019/881, better known as the "Cybersecurity Act", which aims to strengthen the fight against cybersecurity threats and attacks gives accreditation a central role, as it creates a European cybersecurity certification framework to create a single digital market for products, ICT services and processes where it only has the option of accredited certification, regardless of who the certification body is that will operate it.
Nationally, the National Security Scheme (Esquema Nacional de Seguridad, ENS) establishes the basic principles and minimum requirements, as well as the protection measures to be implemented in the Public Administration systems and is also applicable to private sector operators that provide services or provide solutions to public bodies. The requirement of ENAC accreditation was established, to provide maximum guarantees, for certifying bodies acting within this scheme's framework.
In addition, EU Regulation No 910/2014, eIDAS, for electronic identification and secure services for electronic transactions in the internal market, has established accreditation to ensure the technical competence, operability and impartiality of bodies that audit and certify providers of electronic identification services.
Accreditation News is published quarterly and sent to organizations and to people who have asked to be included on its mailing list.
Would you like to receive a free copy of Accreditation News? Subscribe here.