The Instituto de Estadística de Cataluña turns to GMV for its information security
GMV is working with the Catalan Statistics Institute (Instituto de Estadística de Cataluña: IDESCAT) to help ensure compliance with the Spanish National Security Scheme (Esquema Nacional de Seguridad: ENS) and Personal Data Protection Law (Ley Orgánica de Protección de Datos de Carácter Personal: LOPD). The official body responsible for the planning, standardization, coordination and management of Catalunya’s statistical system has checked its ENS- and LOPD-compliance in the interests of an ongoing improvement of its state of security.
To do so, GMV ran an audit to pinpoint any nonconformities or improvable shortfalls. This involved not only an improvement of organizational aspects to ensure ENS- and LOPD-compliance but also a check of all security-improvement actions taken after the company’s 2014 audit.
As a result of the examination of all the Institute’s information systems and files (computerized or otherwise) as well as physical security or enforcement legislation, an action plan was drawn up focusing in particular on ENS amendments published on 4 November 2015.
Since GMV’s first IDESCAT audit back in 2011 there has been constant improvement and upgrading of ENS- and LOPD-compliance as well as the overall state of security.
The ENS lays down the security policy for the use of electronic media. It is made up by basic principles and minimum requisites to ensure proper protection of information. The overall aim is to guarantee trustworthiness of electronic media in the eyes of citizens. This scheme was laid down in Royal Decree (Real Decreto: RD) 3 of 8 January 2010 and is established in article 42 of the Citizens’ Electronic Access to Public Services Law 11 of 22 June 2007 (Ley de acceso electrónico de los ciudadanos a los Servicios Públicos).
The purpose of the LOPD, for its part, is to guarantee and protect personal data processing activities, public freedoms and the fundamental rights of individuals, especially their honor, personal and family privacy and intimacy. Its main remit is to regulate the processing of personal data and files, regardless of the medium used, data-subject rights and the obligations of those who create and process this data. This law applies to all personal data of all types, whether stored on computerized media or any other sort of media.