The National Library of Spain (Biblioteca Nacional de España; BNE), founded by Philip V in late 1711, is an autonomous body in charge of Spain’s bibliographical heritage and document holdings. Its remit is to pool, catalogue, keep and distribute bibliographical holdings, which now add up to over 28 million publications produced in Spain since the eighteenth century: books, magazines, maps, engravings, drawings, scores, brochures, etc.

The BNE is Spain’s oldest cultural institution, celebrating its 300th birthday in this year 2012. Despite this age it also moves with the times, constantly renewing its facilities and bringing them into line with the new technological advances. It has therefore decided to improve the security of its applications and adapt them to applicable legislation and standards.

The BNE has turned to GMV for developing adaptation guides to the National Security Scheme (Esquema Nacional de Seguridad: ENS), whose aim is to build trust in the use of electronic media by developing measures to guarantee the security of systems, data, communications and electronic services, ensuring and safeguarding the exercising of rights and fulfilment of duties through this media. Its overriding purpose is to encourage general confidence that information services will provide their services and keep information in accordance with their functional specifications, without any interruptions or modifications outside their control and without this information coming to the knowledge of unauthorised persons.

For this project GMV has drawn up a series of documents laying down the "good practices" that should be enforced for improving security in the development life cycle. In particular here we are referring to coding measures that ensure secure implementation of particularly sensitive functions, as well as the procedural measures that should be enforced for improving security in each one of the development life-cycle phases included in the methodology of the Biblioteca Nacional. It also establishes the existing link between these good security practices and the three following legislation/standards: the Spanish Data Protection Act (Ley de Protección de Datos: LOPD), the Esquema Nacional de Seguridad (ENS), and the Payment Card Industry Data Security Standard (PCI-DSS). Lastly, these good practices should be enforced both for the Biblioteca Nacional’s own inhouse software developments and those carried out by third parties.

Finally the project includes a series of information sessions to bring the abovementioned aspects home to the Biblioteca’s personnel directly involved in the development and implementation of applications.