Organic Law on Protection of Personal Data
Compliance audit of Royal Decree 1720/2007 developing the Organic Law of Data Protection (compliance with RDLOPD). Under the provisions of Article 96, the RDLOPD compliance audit must be performed every 2 years.
In this type of audit, the technical/legal team of S2 Grupo analyzes compliance with the requirements of the Royal Decree and the main aspects of the development of Law 15/1999 in each organization, issuing the mandatory report in each case.
The regulation implementing the law sets minimum conditions, as the regulation itself states, and in this sense it establishes the obligation to audit the implementation of the controls it specifies, and only for files containing data of medium and high level. Article 9 of the Organic Law on Data Protection establishes the need to ensure the security of personal data “given the state of technology, the nature of the data stored and the risks they are exposed to…”, which leaves open the need to expand both the scope of the audit and the area of its application.
The RDLOPD audit services from S2 Grupo are designed according to the needs and possibilities of each client within the framework of action permitted by law.
National Security Scheme
The National Security Scheme approved by Royal Decree 3/2010 (hereinafter ENS) sets the benchmark against which public authorities must measure the level of security of their information systems, assessing the security measures to be implemented according to the systems' categorization, the criteria established in the ENS and the security dimensions relevant to the systems to be protected.
Conformity to the National Security Scheme aims to help governments ensure security in the services they offer to citizens.
If the customer does not have a corporate management tool, our projects are implemented in our tool tiké®, providing for the correct implementation and ongoing management of the entire system.
Critical Infrastructure Protection Act
S2 Grupo offers IICC operators the support they need to comply with the LPIC and its corresponding Development Regulation: implementing and maintaining the Operator Security Plans and Specific Protection Plans, with an outline of audit and control and, above all these activities, the definition, implementation and maintenance over time of a Security Management System for critical infrastructure, which ensures continuous improvement on the basis of different standards (ISO 27001, ISO 28000…), always depending on the operator's strategic sector.
In the tasks related to the different plans, S2 Grupo supports its clients in areas such as the definition of policies and security mechanisms, risk analysis, the deployment of safeguards… always with a convergent view of security that considers logical aspects as well as physical, organizational or legal ones, and with a special emphasis on tasks related to training and security awareness, as expressly indicated in the relevant legislation. In addition, S2 Grupo is able to define, deploy and operate the various security measures from S2 Grupo-CERT (monitoring and security surveillance, management and operation of engineering controls, technical audit, early warning, incident management…), as well as to provide comprehensive IICC security management platforms based on S2 Grupo control and management products.
S2 Grupo develops the project for this by taking into account various stages.
S2 Grupo offers advice on designing a suitable Crime Prevention and Detection Model in the Organization. Once the business lines have been identified and crossed with the crimes that could potentially be committed within them, the catalog of offenses to which the organization is most exposed based on its activities is identified by way of “decision matrices” with “a risk-based approach”, prioritizing them by the criteria of impact, probability and relevance.