Government, Risk and Compliance
Companies must face challenges globally and design strategies that connect all cybersecurity needs.
Putting together a set of protocols, guidelines and good practices that strengthen the organization and allow it to effectively protect its data and infrastructures is a priority objective.
The Good Practices of GRC (Government, Risk and Compliance) establish the framework for the improvement of the cybersecurity of companies. The large amount of legislation on the subject and the different cybersecurity schemes to be complied with require the establishment of appropriate mechanisms to ensure its compliance and the continuity of our activity.
Security Master Plan
As Seneca said: “There is no favorable wind for the ship that does not know where it is going”. Companies need a roadmap that raises their cybersecurity standards and maintains them over time, and that is the objective of the Security Master Plan. The Master Plan covers the security of an organization from the organizational, technical, physical, logical and legal perspective, without forgetting the most important aspect for its success: the human factor.
We start with an in-depth study of the security status of the company, including both On Premise and Cloud environments. Ethical hacking helps us identify holes and areas for improvement. With the conclusions, we prepare a diagnosis and list a set of initiatives and projects ordered according to cost and priority in the short, medium and long term.
All work is carried out on the basis of international security standards. Our Security Master Plan not only optimizes the security of a company, but also adapts to its evolution to offer the best guidance at each stage of its growth.
Continuity Plan
One basic aspect to guarantee the company’s activity is the definition of the Business Continuity Plan (BCP).
Compliance with security regulations is key to good governance in cybersecurity. At S2 Grupo we offer consulting and auditing services to comply with current legislation in our field: the European General Data Protection Regulation, the Organic Law on Data Protection and Digital Rights Guarantees, as well as other applicable regulations.
We also specialize in getting organizations the certificates they need to perform their activity, in the area of information and infrastructure security. Check out all the cybersecurity standards and frameworks we help you comply with:
Information Security Management System including CLOUD – ISO 27001
At S2 Grupo we are experts in preparing companies to obtain certificates and pass audits successfully, a reflection of the high security standard we apply in our work with organizations. ISO 27001 is the international standard that defines the requirements for establishing, implementing, maintaining and improving an information security management system.
We are specialists in the design and implementation of Information Security Management Systems, providing support to organizations in defining the policy and scope of the system and in the design of the documentary support to the system itself. We accompany companies in their certification audits as external advisers and we carry out previous internal audits to ensure success in obtaining the certificate.
Other management systems:
Good practices for information security controls for cloud services.
Good practices for the protection of personal data by cloud providers..
National Security Scheme
The National Security Scheme (ENS) approved by Royal Decree 3/2010 is the reference with which public administrations must measure the level of security of their information systems.
At S2 Grupo we help administrations to adapt to the National Security Scheme so that they guarantee the security of their services to all citizens. In the event that the Public Administrations work with private companies as service providers, they must also comply with the ENS and can request our help.
The process of Adaptation to the ENS culminates in obtaining the Certificate of Conformity, both in public and private companies. To achieve this, we follow this proven methodology:
Situation analysis
Evaluation of compliance with the EN
Risk analysis and management
Plan of adaptation to the ENS
Adaptation to the ENS
ENS certification support
General Data Protection Regulations
S2 Grupo offers consulting and auditing services to comply with the European General Data Protection Regulations, the Organic Law on Data Protection and Digital Rights Guarantees. These legal guidelines oblige companies to carry out a multitude of plans and studies, including the following:
Comprehensive adaptation plans
Risk analysis in the field of privacy
Risk treatment plans
Review of contracts, web clauses and applicable legal documentation
Preparation or updating of the Register of Processing Activities.
Privacy Impact Assessments
Security awareness plans
DPD Service
OT Services
In many cases, cybersecurity is not taken into account in the design of industrial infrastructures. This limits the implementation of measures once the system is operational; it is therefore necessary to consider security as a further stage in design and engineering (Security-by-Design).
We work with our clients to define the cybersecurity requirements that should be part of the engineering process and we verify that they have been taken into account in the design:
First of all, we prepare a document of technical, organizational and procedural requirements. We contemplate all the necessary cybersecurity requirements based on an agreed reference framework and the documentation provided by the client. We assess that the above requirements have been met. We identify deficiencies and propose the appropriate complementary measures.
The objective of this service is to incorporate cybersecurity in the first phases of an infrastructure project or industrial system, and to do so with the greatest guarantees.
Critical Infrastructure Law
At S2 Grupo we have products for Critical Operators that need to comply with Law 8/2011 (PIC Law) and Royal Decree 704/2011 (PIC Regulation) on Protection of Critical Infrastructures. Our products can meet the following requirements for you:
Carrying out and updating the Operator’s Security Plans (PSO) and Specific Protection Plans (PPE).
Preparation of a Security Master Plan, which in turn allows the Treatment Plan to be carried out effectively.
Definition of security policies and procedures
Compliance with Royal Decree-Law 12/2018 (NIS Directive)
Carrying out industrial technical audits and penetration tests
Monitoring, surveillance, early warning and incident management through S2 Grupo-CERT
NIST Cybersecurity Platform
VDA ISA
We help you apply and follow the advice of the NIST Framework. NIST CSF (NIST Cybersecurity Platform) is a framework for improving cybersecurity in critical infrastructures. At S2 Grupo we carry out an analysis of your status using the NIST methodology and develop an Initiatives Plan with specific actions and projects, which become your guide to increase company security and improve risk management and reduction.
VDA ISA is the information security reference of the German Association of the Automotive Industry. We collaborate with companies that design, develop and manufacture components for the automotive industry, and help them develop, implement, audit and improve the security management of their corporate information, which also extends to partners and customers. With us you will get your company to pass the VDA ISA certification audit with flying colors.