Hard2bit

Cybersecurity by sector — because every client lives under a different framework

Service pages explain what we do. Sector pages explain who we do it for and why the approach changes when the client changes.

Why a sectoral approach

Useful cybersecurity changes with the client

The same service (SOC/MDR, vulnerability management, audit) runs differently if the client is a bank under DORA or a hospital under ENS. Sectoral pages capture that difference.

Distinct regulatory framework per sector

A bank lives under DORA and EBA; a hospital under ENS and NIS2; a SaaS SMB under ISO 27001 and GDPR. Sectoral pages explain the regulation that applies to each client, not the entire catalog.

Specific threat profile

The financial sector fears fraud, BEC and operational resilience. The health sector fears ransomware with clinical impact and special-category data leakage. Services apply differently.

Client vocabulary and metrics

What a banking Risk Committee expects is not the same as what a Clinical Security Committee expects. Each sector has its own language and its own way of measuring success.

Reuse across sectors and frameworks

An entity that crosses several sectors (e.g., a health mutual under DORA by scale) reuses evidence across frameworks. Sectoral pages show those crossovers explicitly.

Available sectors

Sectoral pages currently published

Financial sector

Available

Banking, insurance, servicing, payments, asset management and critical tech providers to the financial sector. DORA, EBA, BCBS 239, NIS2, Solvency II, PCI-DSS and ECB/EBA/CNMV/Banco de España/DGSFP supervision.

  • DORA — Regulation (EU) 2022/2554
  • EBA Guidelines on ICT Risk
  • BCBS 239 + Solvency II
  • TLPT and TIBER-EU exercises
  • Recurring operations with supervisor-ready SLAs
View financial sector →

Healthcare sector

Available

Public and private hospitals, clinics, primary care, mutuals, healthtech, telemedicine, pharma and health-sector tech providers. ENS, NIS2 (essential sector), reinforced GDPR for special-category data, ISO 27001/27799 and medical devices regulation.

  • ENS — Spain RD 311/2022 (public and publicly contracted providers)
  • NIS2 (healthcare essential sector)
  • Reinforced GDPR · special-category data
  • ISO 27001 + ISO 27799 + IEC 62304
  • 24/7 ransomware-ready DFIR retainer
View healthcare sector →

Spanish public administration

Available

Autonomous communities, city councils, provincial councils, autonomous bodies, state agencies, public foundations, defense, judiciary and tech providers serving Spanish public administration. ENS mandatory, NIS2 essential sector, CCN-STIC as operational reference.

  • ENS — RD 311/2022 mandatory
  • NIS2 essential sector for public administration
  • Spanish Laws 40/2015 + 39/2015 + ENI
  • CCN-STIC operational reference
  • DFIR retainer against municipal ransomware
View Spanish public administration →

Industry and manufacturing

Available

OEMs, Tier-1/2/3 manufacturers, discrete and process manufacturing, chemicals, food, metal, industrial distribution and industrial IT providers. NIS2 essential sector, ISO 27001, IEC 62443 over OT/ICS and TISAX for automotive.

  • NIS2 manufacturing essential sector
  • IEC 62443 over OT/ICS
  • TISAX for automotive supply chain
  • ISO 22301 real continuity
  • Tier-N supply chain governance
View industry and manufacturing →

Higher education

Available

Public and private universities, business schools, university research centres, learning platforms and IT suppliers to the higher-education sector. Real focus on infrastructure security (track record with university clients), ENS for public-sector ties, GDPR special research regime (Article 89) and external exposure.

  • Real track record in university infrastructure
  • ENS for public universities
  • GDPR Article 89 — scientific research
  • M365, IAM and eduroam/SIR/eduGAIN
  • DFIR retainer for enrolment peaks
View higher education →

Energy and utilities

Available

Power generation, transmission and distribution, retailers, gas, oil and refining, water, renewables and IT/OT suppliers to the energy sector. Highly critical sector under NIS2, common PIC designation, IT/OT boundary with IEC 62443 judgement and ENS for public-sector ties.

  • NIS2 highly critical sector
  • Spanish Law 8/2011 PIC + NCCS (EU) 2024/1366
  • IT/OT boundary with IEC 62443
  • ISO 27001 + ISO 27019 (energy)
  • NIS2 deadlines covered by 24/7 retainer
View energy and utilities →

Retail and consumer goods

Available

Large grocery distribution, specialty retail, e-commerce, marketplaces, foodservice, wholesale distribution, retail logistics and IT suppliers to the sector. PCI DSS v4.0, GDPR reinforced by scale, anti-Magecart at checkout and operations ready for Black Friday.

  • PCI DSS v4.0 + QSA preparation
  • Anti-Magecart at checkout (controls 6.4.3 / 11.6.1)
  • GDPR reinforced by scale — loyalty
  • NIS2 if large grocery distribution
  • 24/7 SOC reinforced during commercial peaks
View retail and consumer goods →

B2B SaaS and technology

Available

Horizontal and vertical B2B SaaS, PaaS/IaaS platforms, embedded software, AI/ML SaaS, B2B marketplaces, MSPs and cybersecurity vendors. ISO 27001 as the certifiable foundation, ENS for selling to the Spanish public sector, DORA/NIS2 if critical supplier, AI Act and CRA where they apply.

  • ISO 27001 = enterprise onboarding door
  • ENS for selling to the Spanish public sector
  • DORA / NIS2 if critical supplier
  • SOC 2 Type II readiness (audit by CPA)
  • AI Act and Cyber Resilience Act per product
View B2B SaaS and technology →

Let's talk

Doesn't your sector fit any of the eight?

The eight sectors with public pages are the ones with the highest demand, but we also work in other domains (logistics, transport, telecommunications, media, NGOs and more). If your organisation does not fit an existing page, we can prepare a proposal and hold a direct conversation tailored to your regulatory and operational framework.