Shall we talk?

Cybersecurity · CESCE Risk analysis as a common denominator

Our project at CESCE represents a real example that demonstrates the effectiveness of our "Integrated IT Security and Compliance Management Model" under a common axis: risk analysis and management.

Cybersecurity · CESCE
Cybersecurity · CESCE

At CESCE, we deploy our global IT Security and Compliance strategy

A paradigmatic project in which we manage to combine synergies and common aspects between the ISO 27001 standard and the different security (National Security Scheme) and privacy regulations (General Data Protection Regulations). From the design phase to the final audit, through the entire implementation and monitoring process, the project has been successfully completed, achieving ISO 27001 certification of CESCE’s Information Security Management System (ISMS).

Under the approach of security risk analysis as one of the common axes to the different regulations, we proceeded to apply the internationally recognized methodology MAGERIT and the tool PILAR. By approaching the risk analysis and management process under this multi-standard vision, we obtained a single roadmap to carry out security and privacy initiatives, achieving maximum efficiency.

Cybersecurity · CESCE


CESCE (Compañía Española de Seguros de Crédito a la Exportación) is one of the most important commercial risk management firms in Spain, present in 9 countries. Header of a group of companies that offers integral solutions for commercial credit management in part of Europe and Latin America. It is the 4th Group in the world and the 2nd in Spain in terms of credit and surety.

CESCE is also the Spanish Export Credit Agency (ECA) that manages export credit insurance on behalf of the State in Spain.

Precisely because of its nature as a state-owned company, CESCE must pay special attention to the obligations in the field of Information Security by implementing a system based on the code of practices defined in the UNE-ISO/IEC 27001 standard.

Cybersecurity · CESCE
Cybersecurity · CESCE

Multiple needs with a common denominator

CESCE raised the need to cover 3 basic axes for the adequacy of the processes and security management of its Information Systems in accordance with current regulations:

  • Design, implementation and certification of the Information Security Management System (ISMS), according to the UNE-ISO/IEC 27001 standard. A key requirement is to obtain such certification in the current year (2018).
  • Risk analysis and improvement of internal processes to reduce the level of risk in the treatment and use of information.
  • Compliance with the Spanish regulations that came into force, the General Data Protection Regulation (GDPR), as well as the National Security Scheme (ENS).

At this point, we approach this project under our comprehensive approach of Security and Compliance, starting from risk analysis.

We deploy 3 lines of action

  • ISMS Design

    ISMS Design

    Analysis, design, implementation and audit of an ISMS. Thanks to this action, CESCE obtained its ISO 27001 certification, without any remedies and in record time.

  • GDPR and ENS

    GDPR and ENS

    Inclusion of the requirements of the ENS and GDPR in the plan to achieve compliance.

  • Implantation ePULPO

    Implantation ePULPO

    A tool that will allow them to optimize the processes, centralization and monitoring of the organization’s information security management.

We tell you about this experience at CNIS 2018

Related Services

  • Strategic security. Governance, risk and compliance

    Strategic security. Governance, risk and compliance

    IT Consulting ranging from Information Security Management System (ISMS) – ISO 27001, National Security Scheme (NSS), Data Protection Regulation: GDPR and LOPD-GDD, PCI-DSS and PSD2, PIC Law and NIS Law, Risk Analysis and Security Master Plan, BIA, Continuity Management (ISO 22301) and DRP, Virtual CISO, Virtual DPO and PMO for Cybersecurity, Training and awareness-raising.

    More about this service

Related Products

Related Insights