Below we formulate some recommendations in order to draw up Service Security Adaptation Plans, Security Policies and other relevant documents for APs.
- Before starting these works, it is important to identify beforehand the starting point of each organization and establish a specific roadmap, while integrating security as an integral process.
- When working on each organization's Security Policy, keep in mind that it will have to detail the responsibilities of each person in charge and what the coordination and conflict resolution mechanisms are.
- If the objective is to treat security as a transversal and integral process, it is advisable to consider the organization of security from a double perspective: on the one hand, the security of information systems and on the other, the security of the data that is managed, that is, the responsibilities derived from compliance with the applicable regulations.
- In addition, if you are a user of any AOC service, please note the specific terms of service provision and the security conditions that, where applicable, are contained (for example, the T-CAT Registration Entities or idCAT).
Although there are different formulas for the organization of security, a proposal from the perspective of comprehensive management and simplification may be to opt for a security organization structured in two collegiate bodies: the commission and the security sub-commission . These bodies would assume the roles and functions of the security organization in accordance with the regulations - except for the role of system security administrator - as well as the roles and functions derived from the data protection regulations of personal character
Law 40/2015: art. 156
Organic Law 3/2018
National Security Scheme
National Interoperability Scheme