ES 
GL 
CA 
EU 
EN Accredited certification bodies
The National Accreditation Entity (ENAC) makes available to interested parties the accreditation framework for entities wishing to certify compliance with the National Security Framework (ENS)..
The accreditation framework has been developed by ENAC in close collaboration with the General Secretariat for Digital Administration (Ministry of Economic Affairs and Digital Transformation) and the National Cryptologic Centre (CCN).
In the case of systems classified as LIMITED DIFFUSION (LD) or equivalent, an entity must be accredited by ENAC in the scope of application of the National Security Framework in accordance with the UNE-EN ISO/IEC 17065:2012 standard in order to certify compliance with STIC requirements. In addition, security auditing entities must have a valid Company Security Clearance (HSEM in Spanish initials).
Compliance with STIC requirements in the field of classified systems (LD) may also be certified among those auditing entities that comply with one of the following options (CCN-STIC-101):
- Be an entity, organ, body, agency and unit linked to or dependent on the Public Administrations whose competencies include the development of information systems audits, as stated in its creation regulations or structural decrees and whose due impartiality is guaranteed.
- Exceptionally, be a company validated by the CCN, which has demonstrated sufficient technical capability to carry out STIC audits/inspections on systems handling classified information.
It would be desirable to try to ensure that all systems (those already certified and those in the process of certification) reach 05.05.2024 with a RD 311/2022 certificate or are in the process of obtaining one, for which the National Cryptologic Centre (CCN) urges accredited Certification Entities to advise their clients on such matters, which will undoubtedly avoid possible situations of expiry of Certifications and will improve confidence in the information systems within the scope of application of the ENS certified in accordance with the new RD.
As indicated in the Security Guide CCN-STIC CCN-CERT IC-01/19 ENS: General Audit and Certification Criteria, when an exceptional situation arises -such as the one caused by Covid-19-, which advises the opening of a temporary hiatus in the relationship between Certification Bodies and their clients, or the temporary extension of the Certificates of Conformity issued, the CCN may, in the exercise of its powers, extend the validity of the Certificates of Conformity by issuing a communication or after the analysis of each specific case that, in this regard, is submitted for its consideration.
The date indicated when an entity is in the process of accreditation corresponds to the date on which the accreditation was requested from ENAC. During the 12-month period, the company in the process of accreditation may carry out audits and issue certificates. If accreditation has not been obtained during this period, the entity in the process must cease its certification activities..
Certification bodies accredited or in the process of accreditation to issue certifications of conformity with the ENS and systems classified with the degree of LIMITED DISCLOSURE (LD) or equivalent:
STIC accreditation status (DL) | Business name | Webpage | ENS accreditation status (accredited by ENAC) | ENS accreditation status (recognized as OAT) | ENS accreditation status |
|---|---|---|---|---|---|
ABS QE ASSURANCE SERVICES (SPAIN) | ABS QE ASSURANCE SERVICES (SPAIN), S.L. (Unipersonal) | EN PROCESO 24-09-2024 | - | - | |
ADOK CERTIFICACIÓN | ADOK CERTIFICACIÓN, S.L. | - | - | ||
AENOR CONFIA, S.A.U | AENOR CONFIA S.A. (Unipersonal) | - | |||
AGENCIA PARA LA CERTIFICACIÓN DE LA CALIDAD Y EL MEDIO AMBIENTE | AGENCIA PARA LA CERTIFICACIÓN DE LA CALIDAD Y EL MEDIO AMBIENTE, S.L. (ACCM) | - | - | ||
Agència de Ciberseguretat de Catalunya | Agència de Ciberseguretat de Catalunya | - | - | ||
Audertis Audit Services | Audertis Audit Services, S.L. | - | |||
Bureau Veritas Certificación | Bureau Veritas Iberia, S.L. | - | - | ||
CATA-EA - Centro de Apoyo Técnico Avanzado del Ejército del Aire y del Espacio | Jefatura de Servicios Técnicos y Ciberespacio (Ejército del Aire y del Espacio) | - | |||
BDO Auditores | BDO Auditores, S.L.P. | - | - | ||
BRITISH STANDARDS INSTITUTION Group Iberia | BRITISH STANDARDS INSTITUTION Group Iberia, S.A. (Unipersonal) | EN PROCESO 29-05-2025 | - | - | |
Cámara Certifica | Certificación y Confianza, Cámara S.L.U. | - | - | ||
DNV GL Business Assurance España | DNV GL Business Assurance España, S.L. (Unipersonal) | - | - | ||
CESTIC - Centro de Sistemas y Tecnologías de la Información y las Comunicaciones | Secretaría de Estado de Defensa (Ministerio de Defensa) | - | |||
ICDQ, INSTITUTO DE CERTIFICACIÓN | ICDQ, INSTITUTO DE CERTIFICACIÓN, S.L., ESPAÑA Barcelona Mataró 08302 Parc TecnoCampus Mataró-Maresme, Edificio TCM2, P6. Avinguda Ernest Lluch, 32 | - | - | ||
IGC CERTIFICACIÓN GLOBAL | IGC CERTIFICACIÓN GLOBAL, S.L.U. | - | - | ||
IVAC - Instituto de Certificación | IVAC - Instituto de Certificación, S.L. | - | - | ||
IMQ Ibérica - Certificación de Sistemas de Calidad y de Producto | IMQ Ibérica - Certificación de Sistemas de Calidad y de Producto, S.L. (Unipersonal) | - | - | ||
LEET Security | LEET Security, S.L. | - | - | ||
LGAI Technological Center (APPLUS) | LGAI Technological Center, S.A. (APPLUS) | - | - | ||
Lazarus Alliance LAEU, SL | Lazarus Alliance LAEU, SL Calle Villalar 7, Bajo Izquierda, 28001 Madrid (Spain) | EN PROCESO 13-06-2024 | - | - | |
European Quality Assurance Spain | European Quality Assurance Spain, S.L. | - | - | ||
OCA Global | OCA Instituto de Certificación S.L. (Unipersonal) | - | - | ||
S2 Grupo | S2 Grupo | - | - | ||
Mando Conjunto del Ciberespacio (MCCE) / ESPDEF-CERT | Ministerio de Defensa / Estado Mayor de la Defensa (EMAD) | - | |||
SGS BRIGHTSIGHT BARCELONA | SGS BRIGHTSIGHT BARCELONA, S.L. (Unipersonal) | - | - | ||
SGS International Certification Services Ibérica | SGS International Certification Services Ibérica, S.A.U. | - | - | ||
SPG CERTIFICACIÓN | SPG CERTIFICACIÓN, S.L. | EN PROCESO 28-05-2025 | - | - | |
Sidertia Solutions | Sidertia Solutions, S.L. | - | - |
