HomeCompliance › ENS

ENS compliance software for the Spanish public sector.

Esquema Nacional de Seguridad (RD 311/2022) pre-loaded with the right controls per Categoria - Basica, Media or Alta - plus ISO 27002 mapping, MAGERIT-style risk register, supplier register and the audit-trail PDF the supervisor accepts. Built for ayuntamientos, ministerios, organismos autonomos and the SaaS suppliers serving them.

Open the portal See pricing

What is the ENS?

El Esquema Nacional de Seguridad (Real Decreto 311/2022) is Spain's mandatory information-security baseline. It applies to every entity in the public sector and to every private supplier processing data on their behalf - which in practice means anyone selling SaaS, hosting, consulting or BPO services into the Spanish administration.

Who needs to comply

  • Administracion General del Estado (ministerios + organismos)
  • Comunidades autonomas, diputaciones, ayuntamientos
  • Universidades publicas and entidades publicas empresariales
  • SaaS, hosting, outsourcing and consultancy suppliers contracting with any of the above

Key ENS controls covered by Dazr

Categorizacion del sistemaEach system classified Basica / Media / Alta based on impact on CIA + Authenticity + Trazabilidad.
Marco organizativoPolicy, normativa, procedures and authorisation process pre-loaded.
Marco operacionalAsset inventory, access control, monitoring and continuity scaled to your Categoria.
Medidas de proteccionPhysical, cryptography (CCN-STIC 807), web-service hardening (CCN-STIC 812).
ISO 27002 mappingReuse the same evidence if you also run ISO 27001.
Auditoria de seguridadAudit cadence per Categoria scheduled and tracked.

What auditors look for

An ENS audit (carried out by a COFRAC-accredited entity) walks the categorisation, samples evidence per control, and asks for the formal Declaracion de Conformidad. We give you the live workspace + the single-PDF audit trail the auditor expects.

How Dazr helps with ENS

  • Hold the Categoria classification per system with linked risk assessment
  • Run ENS alongside ISO 27001, GDPR / LOPDGDD in one workspace
  • Track supplier obligations cascaded down to ENS-Categoria level
  • Maintain the audit-cycle calendar and Declaracion de Conformidad
  • Hand the auditor a read-only view or a single-PDF audit trail

Back to the full Dazr Compliance overview › | Sign up free ›

ENS questions, answered.

What is the ENS?

Real Decreto 311/2022 - Spain's mandatory information-security baseline for the public sector and its suppliers. Three security categories (Basica, Media, Alta) drive how many and how strict the controls are.

Who has to comply?

Every Spanish public-sector body and every private supplier processing data on their behalf. If you sell SaaS or services to a Spanish ayuntamiento or ministerio, you need this.

How does ENS relate to ISO 27001?

Highly compatible - ENS is mapped to ISO 27002 and reuses much of the same evidence. Enable both frameworks together; our control library walks the overlap automatically.

Where is data hosted?

European Union only. AES-256-GCM at rest. Italian entity, EU jurisdiction - acceptable for ENS sovereignty requirements.

Ready to start your ENS program?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.

Open the portal All frameworks