Accredited certification bodies

The National Accreditation Entity (ENAC) makes available to interested parties the accreditation framework for entities wishing to certify compliance with the National Security Framework (ENS)..

The accreditation framework has been developed by ENAC in close collaboration with the General Secretariat for Digital Administration (Ministry of Economic Affairs and Digital Transformation) and the National Cryptologic Centre (CCN).

In the case of systems classified as LIMITED DIFFUSION (LD) or equivalent, an entity must be accredited by ENAC in the scope of application of the National Security Framework in accordance with the UNE-EN ISO/IEC 17065:2012 standard in order to certify compliance with STIC requirements. In addition, security auditing entities must have a valid Company Security Clearance (HSEM in Spanish initials).

Compliance with STIC requirements in the field of classified systems (LD) may also be certified among those auditing entities that comply with one of the following options (CCN-STIC-101):

  1. Be an entity, organ, body, agency and unit linked to or dependent on the Public Administrations whose competencies include the development of information systems audits, as stated in its creation regulations or structural decrees and whose due impartiality is guaranteed.
  2. Exceptionally, be a company validated by the CCN, which has demonstrated sufficient technical capability to carry out STIC audits/inspections on systems handling classified information.
Those interested in applying for accreditation can contact ENAC at: enac@enac.es

It would be desirable to try to ensure that all systems (those already certified and those in the process of certification) reach 05.05.2024 with a RD 311/2022 certificate or are in the process of obtaining one, for which the National Cryptologic Centre (CCN) urges accredited Certification Entities to advise their clients on such matters, which will undoubtedly avoid possible situations of expiry of Certifications and will improve confidence in the information systems within the scope of application of the ENS certified in accordance with the new RD.

As indicated in the Security Guide CCN-STIC CCN-CERT IC-01/19 ENS: General Audit and Certification Criteria, when an exceptional situation arises -such as the one caused by Covid-19-, which advises the opening of a temporary hiatus in the relationship between Certification Bodies and their clients, or the temporary extension of the Certificates of Conformity issued, the CCN may, in the exercise of its powers, extend the validity of the Certificates of Conformity by issuing a communication or after the analysis of each specific case that, in this regard, is submitted for its consideration.

The date indicated when an entity is in the process of accreditation corresponds to the date on which the accreditation was requested from ENAC. During the 12-month period, the company in the process of accreditation may carry out audits and issue certificates. If accreditation has not been obtained during this period, the entity in the process must cease its certification activities..

Certification bodies accredited or in the process of accreditation to issue certifications of conformity with the ENS and systems classified with the degree of LIMITED DISCLOSURE (LD) or equivalent:

Name
Business name
Webpage
ENS accreditation status (accredited by ENAC)
ENS accreditation status (recognized as OAT)
STIC accreditation status (DL)
ABS QE ASSURANCE SERVICES (SPAIN)
ABS QE ASSURANCE SERVICES (SPAIN), S.L. (Unipersonal)
https://www.abs-qe.com/es/
EN PROCESO
24-09-2024
-
-
ADOK CERTIFICACIÓN
ADOK CERTIFICACIÓN, S.L.
https://www.adokcertificacion.com/
ACREDITADA
15-12-2023
-
-
AENOR CONFIA, S.A.U
AENOR CONFIA S.A. (Unipersonal)
https://www.aenor.com/
ACREDITADA
21-04-2017
-
ACREDITADA
25-06-2021

AGENCIA DE CIBERSEGURIDAD DE LA COMUNIDAD DE MADRID

AGENCIA DE CIBERSEGURIDAD DE LA COMUNIDAD DE MADRID

https://www.comunidad.madrid/
-
RECONOCIDA
12-03-2026
-
AGENCIA PARA LA CERTIFICACIÓN DE LA CALIDAD Y EL MEDIO AMBIENTE
AGENCIA PARA LA CERTIFICACIÓN DE LA CALIDAD Y EL MEDIO AMBIENTE, S.L. (ACCM)
https://www.accm.es/
ACREDITADA
12-09-2025
-
-
 Agència de Ciberseguretat de Catalunya
 Agència de Ciberseguretat de Catalunya
 https://ciberseguretat.gencat.cat/ca/inici/index.html
-
RECONOCIDA
04-08-2023
-

AGENCIA VASCA DE CIBERSEGURIDAD (CYBERZAINTZA)

Agencia Vasca de Ciberseguridad (CYBERZAINTZA)

https://ciberseguridad.euskadi.eus/inicio/

-

RECONOCIDA
13-05-2026

-
Audertis Audit Services
Audertis Audit Services, S.L.
http://www.audertis.es/
ACREDITADA
29-12-2017
-
ACREDITADA
06-06-2018
BDO Auditores
BDO Auditores, S.L.P.
http://www.bdo.es/
ACREDITADA
15-06-2018
-
-
BRITISH STANDARDS INSTITUTION Group Iberia
BRITISH STANDARDS INSTITUTION Group Iberia, S.A. (Unipersonal)
https://www.bsigroup.com/es-ES/
EN PROCESO
29-05-2025
-
-
Bureau Veritas Certificación
Bureau Veritas Iberia, S.L.
http://www.bureauveritas.es/
ACREDITADA
29-10-2021
-
-
Cámara Certifica
Certificación y Confianza, Cámara S.L.U.
http://camaracertifica.es/
ACREDITADA
05-07-2019
-
-
CATA-EA - Centro de Apoyo Técnico Avanzado del Ejército del Aire y del Espacio
Jefatura de Servicios Técnicos y Ciberespacio (Ejército del Aire y del Espacio)
www.ejercitodelaire.mde.es
-
RECONOCIDA
23-05-2024
ACREDITADA
23-05-2024
CESTIC - Centro de Sistemas y Tecnologías de la Información y las Comunicaciones
Secretaría de Estado de Defensa (Ministerio de Defensa)
https://www.defensa.gob.es/cestic
-
RECONOCIDA
20-07-2022
ACREDITADA
20-07-2022
DNV GL Business Assurance España
DNV GL Business Assurance España, S.L. (Unipersonal)
https://www.dnv.es/
ACREDITADA
14-10-2022
-
-
European Quality Assurance Spain
European Quality Assurance Spain, S.L.
https://eqa.es/
ACREDITADA
09-07-2021
-
-
ICDQ, INSTITUTO DE CERTIFICACIÓN
ICDQ, INSTITUTO DE CERTIFICACIÓN, S.L., ESPAÑA Barcelona Mataró 08302 Parc TecnoCampus Mataró-Maresme, Edificio TCM2, P6. Avinguda Ernest Lluch, 32
https://www.icdq.es
ACREDITADA
04-04-2025
-
-
IGC CERTIFICACIÓN GLOBAL
IGC CERTIFICACIÓN GLOBAL, S.L.U.
https://www.certificacionglobal.com/
ACREDITADA
19-07-2024
-
-
IMQ Ibérica - Certificación de Sistemas de Calidad y de Producto
IMQ Ibérica - Certificación de Sistemas de Calidad y de Producto, S.L. (Unipersonal)
https://www.imq.it/es
ACREDITADA
13-01-2023
-
-
IVAC - Instituto de Certificación
IVAC - Instituto de Certificación, S.L.
http://ivac.es/
ACREDITADA
02-10-2020
-
-
Lazarus Alliance LAEU, SL
Lazarus Alliance LAEU, SL  Calle Villalar 7, Bajo Izquierda, 28001 Madrid (Spain)
https://lazarusalliance.com/
EN PROCESO
13-06-2024
-
-
LEET Security
LEET Security, S.L.
http://www.leetsecurity.com/
ACREDITADA
23-02-2018
-
-
LGAI Technological Center (APPLUS)
LGAI Technological Center, S.A. (APPLUS)
https://www.appluscertification.com/global/es/
ACREDITADA
27-07-2018
-
-
Mando Conjunto del Ciberespacio (MCCE) / ESPDEF-CERT
Ministerio de Defensa / Estado Mayor de la Defensa (EMAD)
https://emad.defensa.gob.es/unidades/mcce/
-
RECONOCIDA
16-08-2022
ACREDITADA
16-08-2022
OCA Global
OCA Instituto de Certificación S.L. (Unipersonal)
http://ocaglobal.com/
ACREDITADA
30-10-2020
-
-
S2 Grupo
S2 Grupo
https://www.s2grupo.es/
-
-
ACREDITADA
16-11-2023
SGS BRIGHTSIGHT BARCELONA
SGS BRIGHTSIGHT BARCELONA, S.L. (Unipersonal)
http://www.sgs.es/
ACREDITADA
17-02-2023
-
-
SGS International Certification Services Ibérica
SGS International Certification Services Ibérica, S.A.U.
https://www.sgs.com/
ACREDITADA
29-09-2023
-
-
Sidertia Solutions
Sidertia Solutions, S.L.
https://www.sidertia.com/
-
-
ACREDITADA
14-03-2024
SPG CERTIFICACIÓN
SPG CERTIFICACIÓN, S.L.
https://spgcertificacion.com/
EN PROCESO
28-05-2025
-
-
    ENS LOGO