Ozona Consulting · ISO 20000, ISO 270001, ISO 22301 consultancy

ENS Fundamentals

ENS Fundamentals Training

 

The Spanish National Security Framework (ENS), regulated by Royal Decree 311/2022, sets the security policy for the use of electronic media by public sector entities and their ICT providers. Its compliance is mandatory and verified through audit and certification.

This training introduces the essential concepts of the ENS: scope of application, system categorisation (Basic, Medium and High), basic principles, minimum requirements, security measures by dimension (confidentiality, integrity, authenticity, traceability and availability), and the audit and certification processes.

The course provides a practical view oriented towards implementation, based on the experience of the Ozona Consulting team of consultants in ENS compliance projects in public sector organisations and ICT providers.

KEY FEATURES OF THE COURSE

REGULATORY COMPLIANCE

Complete overview of Royal Decree 311/2022 and associated CCN-STIC guides.

CATEGORISATION AND MEASURES

Application of minimum requirements and measures by dimension according to system category.

AUDIT AND CERTIFICATION

Formal audit processes, statement of applicability and ENS certification.

TARGET AUDIENCE

  • CISO and information security officers (RSI) under ENS
  • Public sector systems and IT managers
  • Internal and compliance auditors
  • ICT providers with services to the public sector
  • Consultants and project managers for ENS adaptation

No prior knowledge required. Level: introductory.

COURSE DETAILS

DURATION AND FORMAT

8 hours, in one day (8h) or two online sessions of 4 hours. Live online or on-site format, in-company or multi-client.

 

LANGUAGE AND MATERIALS

Course in Spanish. Course manual in electronic PDF format.

 

CERTIFICATE

Attendance certificate upon completion of the course.

 

WHAT IS INCLUDED?

  • Training
  • Course manual in electronic PDF format
  • Attendance certificate

COURSE PROGRAMME

8 hours distributed across 3 blocks.

BLOCK 1 · INTRODUCTION TO THE ENS

  • Regulatory context: Royal Decree 311/2022 and European cybersecurity framework.
  • Scope of application: public sector and ICT providers.
  • System categorisation: Basic, Medium and High.
  • Basic principles and minimum requirements.
  • Relationship with other standards: ISO/IEC 27001, NIS2, GDPR.

BLOCK 2 · SECURITY MEASURES

  • Structure of Annex II: organisational, operational and protection measures.
  • Measures by dimension: confidentiality, integrity, authenticity, traceability and availability.
  • Application of measures according to system category.
  • CCN-STIC guides as support for implementation.

BLOCK 3 · COMPLIANCE, AUDIT AND CERTIFICATION

  • ENS adaptation plan.
  • Statement of applicability and mandatory documentation.
  • Compliance audit: scope, evidence and non-conformities.
  • ENS certification and maintenance of the system.
  • Reporting to INES and CCN.

Request information about the ENS fundamentals training

    Interested in an in-company sessionOther editions