The centre CCN-CERT National PKIX has published in the web portal an update of its CCN-STIC-801 guide sobre responsabilidades y funciones en el ENS. Concretamente, el documento, que se puede consultar en la parte pública del portal, recoge las responsabilidades generales en la gestión de la seguridad de los sistemas de información de las entidades del Sector Público del ámbito subjetivo de aplicación del "3/2010, of January 8th, that regulates the national security Scheme (NHIS) .
These entities must, based on the guidelines outlined in this guide, establish and adopt its own security organization, according to its nature, structure, dimensions and available resources, which should be reflected in the policy of information security of the entity and, when you treat personal data, in the data protection policy.
Among the main content that contains the directory is a definition of the security structure, as well as actors and responsible for the management of the same. Those responsible are grouped according to the level of government, monitoring and operational.
However, as indicated in the document, some responsibilities can be instrumentalized through committees, which will act as a collegiate bodies, as specified in the law 40/2015. The most common, as stated, are the corporate security Committee and the committee of Information security.
Finally, includes a section dedicated to the management of risks and another to the intersection of ENS with the General Rules of data protection (RGPD).