IIS La Fe becomes the first biomedical research centre to obtain the National Security Scheme certification

La Fe Health Research Institute (IIS La Fe) has become the first health research institute in Spain to obtain compliance with the requirements of the National Security Scheme (ENS), by the National Cryptologic Centre (CCN). This distinction is an achievement for the institution, which consolidates its position as a benchmark in information security in health research centres.

To achieve this milestone, a series of actions have been carried out within the IIS La Fe, such as the creation of an organisational chart for the governance of cybersecurity and the adoption of a specific stance on security, which have been reflected in an Information Security Policy. With regard to cybersecurity governance, the roles established by the ENS have been defined, and the various Information Security Committees and user awareness have been created.

The National Security Scheme (ENS) is applicable to the entire Public Sector, as well as to suppliers that collaborate with the Administration and offers a common framework of basic principles, requirements and security measures for adequate protection of the information processed and the services provided, in order to ensure access, confidentiality, integrity, traceability, authenticity, availability and conservation of the data, information and services used by electronic means that they manage in the exercise of their competences.

The certification and adaptation project at the IIS La Fe has been led by the coordinator of the IT Area, Javier Ripoll, with the support of his area and the collaboration of different areas of the IIS La Fe, also represented in their respective Information Security Committees. Furthermore, throughout the process of obtaining the certification, the IIS La Fe has had the unconditional support of important allies such as Mr. Antonio Grimaltos from the Information Security Office of the Department of Universal Health and Public Health of the Generalitat Valenciana, as well as the team of the CCN's Cybersecurity Regulations and Services area, whose support and experience have been fundamental in this path towards obtaining the certification.

The ENS certification represents recognition of the efforts and commitment of IIS La Fe in the continuous improvement of its information security practices and its security posture. Furthermore, it consolidates the confidence for its integral Research Management System and positions itself as a benchmark for other institutions, inspiring them to follow the path of innovation and compliance with high information security standards in their respective fields.

Essential requirements - microCeENS

To reach this important milestone, IIS La Fe has followed a solid methodology based on the 890C guide for Specific Compliance Profiles of Essential Security Requirements and µCeENS, an innovative methodology that benefits from the new features of Royal Decree 311/2022 of 3 May, to obtain the National Security Scheme (ENS) Compliance Certification based on a Specific Compliance Profile (PCE), obtaining the necessary support and assistance to achieve the ENS Compliance Certification from the phase prior to compliance until after obtaining it, all automated in the Cybersecurity Governance tools (INES-AMPARO).