Strategic security. Governance, risk and compliance
We align your security strategy with your business objectives
Ingenia's IT Consulting and Security services are the perfect ally to improve the reliability, security and resilience of your organization in the face of constantly evolving threats.
We design security and governance programs that, aligned with your environment and business, will help you stay safe, be vigilant and recover from a security incident.
Our multidisciplinary team of consultants identifies vulnerabilities and evaluates the real risk for your organization, helping you to comply with the most relevant standards and regulations in information security, in a more efficient and effective way.
Information Security Management System (ISMS) - ISO 27001
We help you with the process of implementing an Information Security Management System (ISMS) based on the ISO 27001 standard, from its establishment to its certification, including a subsequent permanent monitoring and follow-up service to ensure continuous maintenance of the system.
National Security Scheme (ENS)
We offer our clients a complete diagnostic, advisory and consultancy service for the adaptation and compliance with the National Security Scheme (ENS – Royal Decree 3/2010 of 8 January modified by Royal Decree 951/2105 of 23 October), which aims to establish the security policy in the use of electronic media and is made up of basic principles for the adequate protection of information.
Data Protection Regulation: GDPR and LOPD-GDD
All companies and public bodies handling personal information are obliged to adopt the requirements of the General Data Protection Regulation (GDPR) – EU 679/2016 (in application since 25 May 2018) and the Organic Law 3/2018, on Personal Data Protection and Guarantee of Digital Rights, of 5 December 2018, approved by the Congress of Deputies.
We offer you a complete range of services aimed at covering the entire life cycle of the processing of personal data, that is, from the phase of analysis of the current situation and adaptation plan to maintenance, including support for implementation and subsequent revisions.
Industry standards: PCI-DSS and PSD2
PCI DSS (Payment Card Industry Data Security Standard), is a security standard published by the PCI Security Standard Council and defines the data protection requirements for payment cards and the technological infrastructure that stores, processes or transports them. It therefore applies to companies that process, transmit or store payment card data (banks, e-commerce, merchants and processors, among others).
The European Union Payment Services Directive 2 (PSD2) legislation, active since 13 January 2018, provides a legal framework for digital payments made in Europe and obliges financial institutions managing a bank payment account to transfer their data to third parties expressly authorised by the holder.
Ingenia, as a company specialized in security services for the financial sector, offers you expert assistance and advice to ensure compliance with PCI DSS and PSD2, from the initial diagnosis phase (GAP Analysis) and implementation plan, to the certification support service, including support for the execution of plan actions and permanent support.
Critical Infrastructure Protection Act (PIC Act) and Network and Information Systems Security Act (NIS Act)
The Critical Infrastructure Protection Law (LPIC, 8/2011) has as its main objective to improve the protection of those infrastructures that are considered critical for the country.
The Royal Decree-Law on Network Security and Information Systems (LNIS, 9/2018), transposes the European Directive NIS 2016/1148 (Security of Networks and Information Systems) into Spanish law, with the main objective of increasing protection against attacks and vulnerabilities in networks and information systems throughout the EU. It affects both essential service operators and digital service providers.
Ingenia offers expert assistance for compliance with both laws, covering the entire life cycle of the project, from the initial diagnosis phase to the design of the roadmap for implementation, support to the action plan and subsequent maintenance.
Risk Analysis and Safety Master Plan
We help organisations to undertake a risk analysis that systematically and homogeneously quantifies the real risks to which information systems are subjected in the face of the different threats, and that allows the identification of actions to reinforce organisational, legal, physical and technical security measures to reduce these risks.
A Safety Master Plan is the set of these actions, scheduled and budgeted to mitigate the identified safety risks.
Business Impact Analysis (BIA), Continuity Management (ISO 22301) and Recovery (DRP)
Today’s organizations depend on IT infrastructures to carry out their activities and develop their business. In the event of any incident that disables these infrastructures (fire, flood, sabotage, vandalism, earthquake, etc.), the continuity of the same could be seriously affected, even becoming unrecoverable within an acceptable period of time.
To be prepared for any disruptive incident, Ingenia offers a series of complementary services that cover the Disaster Recovery Plan (DRP), with the measures that must be adopted so that a business can continue to operate in the event of a disaster and the actions to be taken for restoration.
Additionally, the Business Impact Analysis (BIA), which identifies the criticality and sensitivity to an interruption in the different business processes and, consequently, determines the recovery times associated with each process and the recovery strategies to guarantee them.
We offer you a consultancy service for the implementation of a Business Continuity Management System (BCMS) based on the ISO 22301 standard. From its establishment until the moment of obtaining the certification, this service is completed with a permanent monitoring and follow-up that assures the continuous maintenance of the system.
Virtual CISO, Virtual DPO and Cybersecurity Project Management Office (PMO)
For those clients who, being affected by regulatory requirements, IT standards or information security do not have sufficient internal resources to address compliance or require external expert knowledge, we offer a Technical Office specialized in advising. These are generally services attached to the CISO (Security Officer) or DPO (Data Protection Delegate) of the Organization, so that these profiles can have an expert team of security technicians and consultants who contribute to meeting the requirements.
In addition, if you already have a roadmap or action plan with security projects in any domain (technical, organizational, physical, legal), we provide a Project Management Office (PMO) to manage, coordinate and ensure the implementation of such projects in a timely manner.
Training and awareness-raising
We must improve the security of our organization starting with the weakest link in the chain: people. It is vital to carry out awareness-raising initiatives with the aim of training, disseminating and sensitising all employees of the organisation to the importance of information security and how to apply good practices to their daily activities.
We help our customers with a wide range of activities aimed at improving employee motivation, intuition and safety training.
GRC platform for the integral management of IT and information security processes It provides support for regulatory compliance and established standards: GDPR, ENS, ISMS (based on ISO 27001); as well as ITIL and ISO 20000, in the area of service management. Integration with PILAR and LUCIA.
The pace set by the digital age requires organizations not only to defend the perimeter and avoid vulnerabilities, but also to deploy a Cybersecurity strategy with a 360º approach. Covering not only the technological field but also the physical, organizational and legal.