Spanish National Security Framework
The SPANISH NATIONAL SECURITY FRAMEWORK aim is to establish security policy on the use of electronic means and consists of basic principles and minimum requirements allowing adequate protection of information.
The purpose of SPANISH NATIONAL SECURITY FRAMEWORK is, the creation of the necessary conditions of confidence in the use of electronic means, through measures to ensure the security of systems, data, communications and electronic services, allowing citizens and public administrations, the exercise of rights and fulfillment of duties through these means.
The Royal Decree provides and regulates the determination of the security dimensions and their levels, the category of information systems security measures to be implemented and the obligation to perform a security audit on a regular basis. It also foresees the mechanism to determine the state of security in public administrations and services to respond to security incidents.
The development of SPANISH NATIONAL SECURITY FRAMEWORK has been made taking into account national legislation (eGovernment, Protection of Personal Data, Electronic Signature, National Cryptologic Center, Information Society) and the regulation of different instruments and Services Administration, the guidelines and OECD guidelines and national and international provisions on standardization.
The scope of the SPANISH NATIONAL SECURITY FRAMEWORK is set out in Article 2 of Law 11/2007:
- To the General State Administration Administrations of the Autonomous Communities and entities comprising Local Administration, as well as public law entities linked or dependent on them.
- Citizens in their dealings with government.
- In the relations between the various public authorities.
- Excluded from the scope of SPANISH NATIONAL SECURITY FRAMEWORK are the systems that treat classified information regulated by Law 9/1968 of 5 April, Official Secrets and its implementing rules.
- Complying with regulations
- Knowing in detail what the situation is regarding the NHIS
- Implementing controls that are necessary through detailed planning
- With the monitoring service you will maintain, update and revise security policies