Hard2bit

Cybersecurity by sector — because every client lives under a different framework

Service pages explain what we do. Sector pages explain who we do it for and why the approach changes when the client changes.

Why a sectoral approach

Useful cybersecurity changes with the client

The same service (SOC/MDR, vulnerability management, audit) runs differently if the client is a bank under DORA or a hospital under ENS. Sectoral pages capture that difference.

Distinct regulatory framework per sector

A bank lives under DORA and EBA; a hospital under ENS and NIS2; a SaaS SMB under ISO 27001 and GDPR. Sectoral pages explain the regulation that applies to each client — not the entire catalog.

Specific threat profile

The financial sector fears fraud, BEC and operational resilience. The health sector fears ransomware with clinical impact and special-category data leakage. Services apply differently.

Client vocabulary and metrics

What a banking Risk Committee expects is not the same as what a Clinical Security Committee expects. Each sector has its own language and its own way of measuring success.

Reuse across sectors and frameworks

An entity that crosses several sectors (e.g., a health mutual under DORA by scale) reuses evidence across frameworks. Sectoral pages show those crossovers explicitly.

Available sectors

Sectoral pages currently published

Financial sector

Available

Banking, insurance, servicing, payments, asset management and critical tech providers to the financial sector. DORA, EBA, BCBS 239, NIS2, Solvency II, PCI-DSS and ECB/EBA/CNMV/Banco de España/DGSFP supervision.

  • DORA — Regulation (EU) 2022/2554
  • EBA Guidelines on ICT Risk
  • BCBS 239 + Solvency II
  • TLPT and TIBER-EU exercises
  • Recurring operations with supervisor-ready SLAs

Healthcare sector

Available

Public and private hospitals, clinics, primary care, health mutuals, healthtech, telemedicine, pharma and health-sector tech providers. ENS, NIS2 (essential sector), reinforced GDPR for special-category data, ISO 27001/27799 and medical devices regulation.

  • ENS — Spain RD 311/2022 (public and publicly contracted providers)
  • NIS2 (healthcare essential sector)
  • Reinforced GDPR · special-category data
  • ISO 27001 + ISO 27799 + IEC 62304
  • 24/7 ransomware-ready DFIR retainer

Spanish public administration

Available

Autonomous communities, city councils, provincial councils, autonomous bodies, state agencies, public foundations, defense, judiciary and tech providers serving Spanish public administration. ENS mandatory, NIS2 essential sector, CCN-STIC as operational reference.

  • ENS — RD 311/2022 mandatory
  • NIS2 essential sector for public administration
  • Spanish Laws 40/2015 + 39/2015 + ENI
  • CCN-STIC operational reference
  • DFIR retainer against municipal ransomware

Industry and manufacturing

Available

OEMs, Tier-1/2/3 manufacturers, discrete and process manufacturing, chemicals, food, metal, industrial distribution and industrial IT providers. NIS2 essential sector, ISO 27001, IEC 62443 over OT/ICS and TISAX for automotive.

  • NIS2 manufacturing essential sector
  • IEC 62443 over OT/ICS
  • TISAX for automotive supply chain
  • ISO 22301 real continuity
  • Tier-N supply chain governance

Higher education

Available

Public and private universities, business schools, university research centres, learning platforms and IT suppliers to the higher-education sector. Real focus on infrastructure security (track record with university clients), ENS for public-sector ties, GDPR special research regime (Article 89) and external exposure.

  • Real track record in university infrastructure
  • ENS for public universities
  • GDPR Article 89 — scientific research
  • M365, IAM and eduroam/SIR/eduGAIN
  • DFIR retainer for enrolment peaks

Roadmap

Sectors in progress

The following sectors are on the roadmap. If your sector isn't yet published but we're already working with you in it, we can prepare a proposal directly without waiting for the public page.

Energy and utilities

Coming soon

Generation, transmission and distribution of electricity, gas, water. NIS2 essential sector and operational resilience.

Retail and consumer

Coming soon

Retail chains, e-commerce, marketplaces. PCI-DSS, GDPR, identity management and external exposure.

B2B SaaS and tech

Coming soon

B2B SaaS providers, tech platforms with regulated clients. ISO 27001, ENS if selling to public sector, NIS2 if critical provider.

Let's talk

Is your sector not yet published?

Not all our sectors have a public page yet. If you work in regulated industries, public administration, energy, education, retail, B2B SaaS or technology, we can prepare a proposal and talk with you directly without waiting for the sector page to be published.