The centre CCN-CERT National PKIX has published in the web portal an update of its CCN-STIC-801 guide on responsibilities and duties in ENS. Specifically, the document, which can be found in the public part of the vestibule, reflects the general responsibilities in the management of the security of information systems of public Sector entities of the subjective scope of application of "3/2010, of January 8th, that regulates the national security Scheme (NHIS) .
These entities must, based on the guidelines outlined in this guide, establish and adopt its own security organization, according to its nature, structure, dimensions and available resources, which should be reflected in the policy of information security of the entity and, when you treat personal data, in the data protection policy.
Among the main content that contains the directory is a definition of the security structure, as well as actors and responsible for the management of the same. Those responsible are grouped according to the level of government, monitoring and operational.
However, as indicated in the document, some responsibilities can be instrumentalized through committees, which will act as a collegiate bodies, as specified in the law 40/2015. The most common, as stated, are the corporate security Committee and the committee of Information security.
Finally, includes a section dedicated to the management of risks and another to the intersection of ENS with the General Rules of data protection (RGPD).