S2 Grupo is a consultancy firm specialized in the provision of Information Security in all areas, which has certified its Information Security Management System AENOR UNE-ISO / IEC 27001: 2007, one of the first Spanish technological consultancy firms in obtaining this seal.
S2 Grupo has a Quality Management System (according to ISO 9001: 2000) integrated with its Information Security Management System and certified by AENOR. This integrated Management System, demonstrates the ability of S2 Grupo to carry out successful projects be it consulting or auditing and secure software development, ensuring customer satisfaction through its effective application.
The software development team of S2 Grupo consists of more than 15 professionals specialized in different areas of technology and security as a differential aspect in its way of working. The team has experience in the field of product development, development of customized software projects, R&D+i projects, audit and security assessment and certification of software.
The development methodology at S2 Grupo is part of its management system, certified according to the UNE-ISO / IEC 27001: 2007 and ISO 9001: 2000 and is in process of implementing a model CMMI. S2 Grupo works with an Agile Methodology by which it establishes the concepts of incremental development, cooperative (user-development) and adaptable software. It promotes teamwork, caring for learning and fostering a good working environment based on continuous feedback between the client and the user, fluid communication between all participants, and awareness to embrace change.
Software Quality Assurance
In order to ensure the quality and safety levels in software development, S2 Grupo has an automatic platform for continuous integration of code and evaluation of the quality and safety of the same by static methods. This assessment is complemented by manual code analysis and software security audits in pre-production and production environments.
- Support in the software development process. The S2 Grupo team assumes the security functions of the Software Development Cycle:
- Security requirements analysis
- Safe Design and architecture (evaluation)
- Threat modeling. Risk analysis
- Data Protection. Legal requirements. Licenses.
- Secure programming. Recommendations and code review. Static analysis
- Conditions for safe deployment
- Security audit prior to the start of production
- Development of guidelines and standards for safe development. Recommendations for secure software development
- Assessments of existing software security. Audits. Code analysis
- Certification services. Through an evaluation of the software generated before putting them into production