NIS 2 Certification

Today we want to tell you something important: we have successfully passed the AENOR NIS2 compliance audit, making MailComms Group the first company in Spain to obtain this certificate, which is issued by AENOR under very demanding requirements. This achievement not only reflects our commitment to cybersecurity and privacy, but also offers a number of significant guarantees for our customers.

What is NIS2?

NIS2 (Revised Network and Information Systems Security Directive) is the EU Directive on the security of network and information systems that establishes a robust and consistent framework for improving cybersecurity across the European Union. This standard, which is an evolution of its predecessor NIS, imposes a set of technical and organizational requirements that entities must meet to ensure the security and resilience of their information systems. Among the highlights of NIS2 are:

  • Governance and risk management: entities must have adequate and proportionate risk management measures in place to prevent and mitigate cybersecurity incidents.
  • Incident detection and response: requires the implementation of incident monitoring, detection and response capabilities to minimize the impact of attacks.
  • Technical requirements: includes, in detail, the technical standards that systems must meet to reduce risks. These standards are developed by the European Telecommunications Standards Institute (ETSI), an independent organization that produces globally applicable standards for information and communication technologies, including those related to cybersecurity. ETSI 319/401 (ETSI EN 319 401 v3.1.1 General Policy Requirements for Trust Service Providers) is mandatory for all qualified trust service providers (TSPs). This ETSI standard establishes general requirements to ensure that high levels of security and reliability are maintained in the services provided to users or customers.
  • Incident reporting: entities have to report relevant incidents to the competent authorities within a deadline specified in the text itself.
  • Technical and organizational measures: incorporation of appropriate technical and organizational measures to ensure the security of networks and information systems.

What guarantees does NIS2 certification offer our customers?

MailComms Group is the first qualified trust service provider in Spain to pass the strict audit carried out by AENOR to issue its NIS2 certificate.

This accreditation ensures that our core services are fully aligned with the most rigorous European standards and that our information security and privacy management systems (ISPS) meet our customers’ stringent requirements in terms of cybersecurity, within our supply chain work.

In addition, it is particularly interesting for our clients because it guarantees that their data and communications are protected with the most advanced and up-to-date security measures. Confidence in our services is reinforced by our ability to identify, prevent and respond effectively to any cyber threat, ensuring the continuity and privacy of their operations.

On the other hand, this accreditation, added to the other certifications we hold at MailComms Group, places us at a higher level in terms of security, privacy, business continuity and regulatory compliance. In other words, it guarantees due diligence in the choice of suppliers for those companies that integrate us into their supply chain.

Sonia Las Heras, CISO of MailComms Group, explains: “The audit process to obtain this certificate was extremely rigorous, but we are proud to offer such a significant guarantee of security and privacy through our commitment to the ‘security and compliance by design’ philosophy. This approach is always present in the DNA of our platforms and in the business processes we develop together with our external technology partners.”

Due diligence in supplier selection

In today’s business environment, cybersecurity has become a top priority. Choosing trusted “cybersecure” service providers not only ensures data protection and business continuity, but also complies with the due diligence required in the selection of suppliers. Companies need to ensure that their suppliers comply with the highest security and privacy standards, as established by the NIS2 regulation, to mitigate risks, protect the integrity of their information systems and offer secure services to their users and customers.

Linkage between DORA and NIS2

Although DORA and NIS2 focus on different sectors, both regulations share a common link: improving cybersecurity and operational resilience in the European Union.

DORA (Digital Operational Resilience Act) focuses on ensuring the operational resilience of the financial sector. Among other things, it calls for comprehensive ICT risk management, incident management, resilience testing, third-party risk management and information sharing within the financial sector.

For its part, NIS2 aims to optimize the overall cybersecurity posture across the EU. This directive focuses on governance, on incident detection and response, and on securing and testing perimeters and assets in several critical sectors, covering a wider range of essential and important sectors.

Both regulations share fundamental principles such as ICT risk management, incident detection and response, and the importance of cooperation and information sharing to address growing cyber threats.

At MailComms we pride ourselves on being at the forefront of cybersecurity compliance to provide maximum protection and confidence for our customers.

Do you want more information? MailComms Group will answer all your questions.
