Service page of Babel Sistemas de Información
Compliance

- SECURITY
- MULTIDISCIPLINARY TEAM
- RISK
- SURVEILLANCE
We design security and governance programmes that, aligned with your environment and business, help you to be secure, vigilant and recover from a security incident.
Our multidisciplinary team of consultants identify vulnerabilities and assess the real risk to your organisation, helping you comply with the most relevant information security standards and regulations more efficiently and effectively.
Information Security Management System (ISMS) - ISO 27001
We assist you with the implementation process of an Information Security Management System (ISMS) based on the ISO 27001 standard, from its establishment to its certification, including a subsequent permanent monitoring and follow-up service to ensure the continuous maintenance of the system.
National Security Scheme (ENS)
We offer our clients a complete diagnostic, advisory and consultancy service for adaptation to and compliance with the National Security Scheme (ENS - Royal Decree 3/2010 of 8 January, amended by Royal Decree 951/2015 of 23 October), which aims to establish the security policy in the use of electronic media and is made up of basic principles for the adequate protection of the information.
Data Protection Regulation: RGPD and LOPD-GDD
All companies and public bodies that handle personal information are obliged to adopt the requirements of the General Data Protection Regulation (RGPD) - EU 679/2016 (in application since 25 May 2018) and the Organic Law 3/2018, on the Protection of Personal Data and Guarantee of Digital Rights, of 5 December 2018, approved by the Congress of Deputies.
We offer you a complete range of services aimed at covering the entire life cycle of the processing of personal data, that is, from the phase of analysis of the current situation and adaptation plan to maintenance, including support for implementation and subsequent revisions.
Industry standards: PCI-DSS and PSD2
PCI DSS (Payment Card Industry Data Security Standard) is a security standard published by the PCI Security Standard Council and defines the requirements for the protection of payment card data and the technological infrastructure that stores, processes or transports it. It therefore applies to companies that process, transmit or store payment card data (banks, e-commerce, merchants and processors, among others).
The European Union's Payment Services Directive 2 (PSD2) legislation, active since 13 January 2018, provides a legal framework for digital payments made in Europe and obliges financial institutions that manage a bank payment account to transfer its data to third parties expressly authorised by the cardholder.
Ingenia, as a company specialising in security services for the financial sector, offers you expert assistance and advice to ensure compliance with PCI DSS and PSD2, from the initial diagnosis phase (GAP Analysis) and implementation plan, to the certification support service, including support for the execution of the plan's actions and ongoing support.
Critical Infrastructure Protection Act (CIP Act) and Network and Information Systems Security Act (NIS Act)
The main objective of the Critical Infrastructure Protection Act (LPIC, 8/2011) is to improve the protection of those infrastructures that are considered critical for the country.
The Royal Decree-Law on the Security of Networks and Information Systems (LNIS, 9/2018) transposes the European Directive NIS 2016/1148 (Security of Networks and Information Systems) to the Spanish legal system, with the main objective of increasing protection against attacks and vulnerabilities in networks and information systems throughout the EU. It affects both operators of essential services and digital service providers.
Ingenia offers expert assistance for compliance with both laws, covering the entire project lifecycle, from the initial diagnosis phase to the design of the implementation roadmap, support for the action plan and subsequent maintenance.
Risk Analysis and Security Master Plan
We assist organisations to undertake a risk analysis that systematically and homogeneously quantifies the real risks to which their information systems are subjected in the face of different threats, and which makes it possible to identify actions to reinforce organisational, legal, physical and technical security measures to reduce these risks.
A Security Master Plan is the set of these actions, scheduled and costed to mitigate the identified security risks.
Business Impact Analysis (BIA), Continuity Management (ISO 22301) and Recovery (DRP)
Organisations today depend on IT infrastructures to carry out their activities and develop their business. In the event of an incident that renders these infrastructures unusable (fire, flood, sabotage, vandalism, earthquake, etc.), their continuity could be seriously affected, even becoming irrecoverable within an acceptable period of time.
In order to be prepared for any disruptive incident, Ingenia offers a series of complementary services that cover the Disaster Recovery Plan (DRP), with the measures to be adopted so that a business can continue to operate in the event of a disaster and the actions to be taken for restoration.
These services also include the Business Impact Analysis (BIA), which identifies the criticality and sensitivity to an interruption of the different business processes and, consequently, determines the recovery times associated with each process and the recovery strategies to guarantee them.
We offer you a consultancy service for the implementation of a Business Continuity Management System (BCMS) based on the ISO 22301 standard. From its establishment until the moment of obtaining the certification, this service is completed with a permanent monitoring and follow-up to ensure the continuous maintenance of the system.
Virtual CISO, Virtual DPO and Cybersecurity Project Management Office (PMO)
For those clients who, being affected by regulatory requirements, IT or information security standards, do not have sufficient internal resources to be able to address compliance or require external expertise, we offer a Technical Office specialising in consultancy. These services are generally attached to the CISO (Security Officer) or DPO (Data Protection Officer) of the Organisation, so that these profiles can count on an expert team of security technicians and consultants, who contribute to compliance with the requirements.
In addition, if you already have a roadmap or action plan with security projects in any domain (technical, organisational, physical, legal), we provide you with a Project Management Office (PMO) to manage, coordinate and ensure the execution of these projects in a timely manner.
Training and awareness
We improve the security of our organisation starting with the weakest link in the chain: people. It is vital to carry out awareness-raising initiatives with the aim of training, disseminating and sensitising all employees of the organisation to the importance of information security and how to apply good practices to their daily activity.
We support our clients with a wide range of activities aimed at improving employee motivation, intuition and security training.