National Security Scheme

Royal Decree 3/2010 of the 8th of January, otherwise known as the National Security Scheme, regulates the previous decree from article 42 of the law 11/2007 of the 22nd of June "Electronic Access of citizens to public services". Its objective is to establish security policies for electronic communication and is made up of regulations and guidelines that allow electronic information to be adequately protected.

The overall aim of the National Security scheme is to create the necessary conditions to allow 100% trust in electronic and online mediums by means of regulations that guarantee the security of online communications and services. It relies on the fact that information systems are able to offer continuous uninterrupted services that cannot be influenced or accessed by unauthorized personnel.

In order to create such conditions, the National Security Scheme introduces some common elements that all public administrations must follow. In particular:

Basic principals of information security
Sufficient systems in place to guarantee the adecuate protection of data
Mechanisms in place to be able to meet minimum requirements laid out by the scheme using recognised security measures

It takes the recommendations of the European Union, the technological situation of the different Public Administrations, as well as existing electronic services and the use of open standards and, where appropriate, and in addition, standards that arewidely used by citizens.

In its preparation have been handled, among others, regarding safety guidelines andguides such as the OECD, European Union recommendations, national standards andinternational rules on e-government, protection of personal data, electronic signature andElectronic National Identity Document, as well as references from other countries.