Government, Risk and Compliance

Companies must face challenges globally and design strategies that connect all cybersecurity needs.

Putting together a set of protocols, guidelines and good practices that strengthen the organization and allow it to effectively protect its data and infrastructures is a priority objective.


The Good Practices of GRC (Government, Risk and Compliance) establish the framework for the improvement of the cybersecurity of companies. The large amount of legislation on the subject and the different cybersecurity schemes to be complied with require the establishment of appropriate mechanisms to ensure its compliance and the continuity of our activity.

OT Services

In many cases, cybersecurity is not taken into account in the design of industrial infrastructures. This limits the implementation of measures once the system is operational; it is therefore necessary to consider security as a further stage in design and engineering (Security-by-Design).

We work with our clients to define the cybersecurity requirements that should be part of the engineering process and we verify that they have been taken into account in the design:

First of all, we prepare a document of technical, organizational and procedural requirements. We contemplate all the necessary cybersecurity requirements based on an agreed reference framework and the documentation provided by the client. We assess that the above requirements have been met. We identify deficiencies and propose the appropriate complementary measures.

The objective of this service is to incorporate cybersecurity in the first phases of an infrastructure project or industrial system, and to do so with the greatest guarantees.

Critical Infrastructure Law

At S2 Grupo we have products for Critical Operators that need to comply with Law 8/2011 (PIC Law) and Royal Decree 704/2011 (PIC Regulation) on Protection of Critical Infrastructures. Our products can meet the following requirements for you:

Carrying out and updating the Operator's Security Plans (PSO) and Specific Protection Plans (PPE).

Preparation of a Security Master Plan, which in turn allows the Treatment Plan to be carried out effectively.

Definition of security policies and procedures

Compliance with Royal Decree-Law 12/2018 (NIS Directive)

Carrying out industrial technical audits and penetration tests

Monitoring, surveillance, early warning and incident management through S2 Grupo-CERT

NIST Cybersecurity Platform


We help you apply and follow the advice of the NIST Framework. NIST CSF (NIST Cybersecurity Platform) is a framework for improving cybersecurity in critical infrastructures. At S2 Grupo we carry out an analysis of your status using the NIST methodology and develop an Initiatives Plan with specific actions and projects, which become your guide to increase company security and improve risk management and reduction.

VDA ISA is the information security reference of the German Association of the Automotive Industry. We collaborate with companies that design, develop and manufacture components for the automotive industry, and help them develop, implement, audit and improve the security management of their corporate information, which also extends to partners and customers. With us you will get your company to pass the VDA ISA certification audit with flying colors.

Request more information about this service

Contact us

Other related services