Personal data protection
The General Data Protection Regulation (EU) 2016/679 (hereinafter, RGPD), on the protection of individuals with regard to the processing of personal data and the free circulation of such data, and repealing Directive 95/46/EC, came into effect on May 25, 2018, with the aim of establishing a standard for the processing of personal data at the European level.
To help clients comply with the new legal requirements in this area, S2 Grupo offers a service for adapting to the new personal data protection regulation. A multidisciplinary team from S2 Grupo, made up of lawyers who are experts in new technologies and security consultants, performs a differential analysis in which the customer’s situation is examined in detail against the RGPD. As a result, the necessary lines of action for the adaptation are identified and, in collaboration with the client, the necessary actions are taken to guarantee an adequate degree of compliance.
Among other things, the RGPD introduces the need for a risk-based analysis of security measures. One of the actions will therefore be to carry out a risk analysis in order to identify the appropriate security measures to ensure an adequate level of risk, “taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the processing, as well as risks of varying probability and severity to the rights and freedoms of natural persons.”
Data protection consultancy services are designed according to the needs, context and possibilities of each client, in accordance with the current data protection regulations, and always guarantee an adequate level of compliance.
National Security Scheme
The National Security Scheme approved by Royal Decree 3/2010 (hereinafter ENS) sets the benchmark against which public authorities must measure the level of security of their information systems. The security measures to be implemented are assessed according to the categorization of those systems, following the criteria established in the ENS and the security dimensions relevant to the systems to be protected.
Conformity with the National Security Scheme aims to assist governments in ensuring security in the services they offer to citizens.
If the customer does not have a corporate management tool, our projects are implemented in our tool tiké®, providing for the correct implementation and ongoing management of the entire system.
Critical Infrastructure Protection Act
S2 Grupo offers IICC operators the support they need to comply with the LPIC and its corresponding Development Regulation: the implementation and maintenance of the Operator Security Plans and Specific Protection Plans, with an audit and control scheme and, above all these activities, the definition, implementation and maintenance over time of a Security Management System for critical infrastructure, which ensures continuous improvement on the basis of different standards (ISO 27001, ISO 28000…), always depending on the operator's strategic sector.
In the tasks related to the different plans, S2 Grupo supports its clients in matters such as the definition of security policies and mechanisms, risk analysis and the deployment of safeguards, always with a convergent view of security that considers logical aspects as well as physical, organizational and legal ones. All of this places special emphasis on tasks related to training and security awareness, as expressly indicated in the relevant legislation. In addition, S2 Grupo is able to define, deploy and operate the various security measures from S2 Grupo-CERT (monitoring and security surveillance, management and operation of engineering controls, technical audit, early warning, incident management…), as well as to provide comprehensive IICC security management platforms based on S2 Grupo control and management products.
To this end, S2 Grupo develops the project in several stages.
S2 Grupo offers advice on designing a suitable Crime Prevention and Detection Model for the Organization. Once the business lines have been identified and crossed with the potential crimes that could be committed within them, the catalog of offenses to which the organization is most exposed, based on its activities, is identified by way of “decision matrices” with “a risk-based approach”, prioritizing them according to criteria of impact, probability and relevance.