Mapfre

Collaboration Agreement

Mapfre

Collaboration Agreement

Mapfre and LEET Security have signed a collaboration agreement to promote the use of cybersecurity rating and labelling. Mapfre will foster the rating of services it uses and LEET will offer spetial conditions to Mapfre's service providers.

Repsol

Vendor Risk Management

Repsol

Vendor Risk Management

Analysis of Repsol methodology for the technological risk management of vendors, and identifying mappings with the LEET Security rating methodology.

Practical application with rating and audit of 6 services / vendors along 2 years.

Integration of rating methodology with procurement process to be part of the concentration process that Repsol is carrying on with development providers..

Ferrovial

Vendor Risk Management

Ferrovial

Vendor Risk Management

Analysis of Ferrovial methodology for the technological risk management of vendors, and identifying mappings with the LEET Security rating methodology.

Practical application with rating and audit of 4 services / vendors.

Tool development for automatization of mapping the results between rating methodology and specific security requirements depending on type and risk of service / vendor.

CNPIC

Collaboration Agreement

CNPIC

Collaboration Agreement

CNPIC at LEET Security have signed a Collaboration Agreement to allow CNPIC the use of LEET Security rating methodology to improve the contents of Infrastructure Protection Plans.

The collaboration also includes the contribution of LEET Security methodology to new reference model that would serve as the basis for the new certification of PIC.

INCIBE

Collaboration Agreement with CERTSI

INCIBE

Collaboration Agreement with CERTSI

Development of Value-Chain Cybersecurity Capacity Building Model as part of the Industrial Security National Scheme.

The model has been developed based on the general model of LEET Security for its application in industrial control systems by critical infrastructures operators (mainly).

RedSys

Payment Processing Services Rating

RedSys

Payment Processing Services Rating

RedSys is rating the core payment services that it provides to its customers. In this case, LEET Security is leading the assurance process that includes, besides cybersecurity rating, the joint assurance process of a SOC2 report for the same scope.

DXC Technologies

Outsourcing Services Rating [in progress]

DXC Technologies

Outsourcing Services Rating [in progress]

Infrastructure managed partly in the provider premises, partly in house in client promises

BT

IaaS Services Rating & ENS Certification

BT

IaaS Services Rating & ENS Certification

'Cloud private' service rating with add-ons needed for achieving rated level. BT has been the first Company in rating a pure cloud computing service. LEET Security has also certified that service meets ENS medium level requirements.

Service rating is published in section Qualified Services

Rural de Servicios Informáticos (RSI)

Services Rating

Rural de Servicios Informáticos (RSI)

Services Rating

RSI has rated all services they offer, both to partners, customers and, even internal services.

RSI has been the first company in rating their services, besides with an advanced approach, because they have done it together with a SOC2 report.

Service rating is published in section Qualified Services

.

EULEN Seguridad

CyberIntelligence Service Rating & ENS Certification

EULEN Seguridad

CyberIntelligence Service Rating & ENS Certification

EULEN has been the first company in rating the cybersecurity of a CyberIntelligence Service provided from the Advanced Cybersecurity Center. Besides LEET Security has also certified that the service is compliant with ENS.

Service rating is published in section Qualified Services

.

BBVA

Vendor Risk Management

BBVA

Vendor Risk Management

Analysis of BBVA methodology (develovep by third parties) for the technological risk management of vendors, and identifying mappings with the LEET Security rating methodology.

Practical application with rating and audit of 3 services / vendors: 2 of them related with application maintenance and support and a third one, about online signature and custody of agreements.

Tool development for automatization of mapping the results between rating methodology and specific security requirements depending on type and risk of service / vendor.

Sareb

Third Party Control Framework

Sareb

Third Party Control Framework

Analysis and assessment of own services. Characterization of third party risk, and establishment of required rating levels according to the risk.

Execution of rating for main third parties (“servicers”).

PwC

Consulting Services Rating

PwC

Consulting Services Rating

Security rating of infrastructures, facilities and informations systems for providing consulting services to their clients.

This service is considered a non-connected service and it is important to assure the cybersecurity posture because it could manage confidential or critical information on the provider systems.

Accenture

Services Rating

Accenture

Services Rating

Commercial application support and maintenance based on remote desktop platform provided by clients.

INDRA (Minsait)

Services Rating

INDRA (Minsait)

Services Rating

Application Csupport and maintenance based on remote desktop platform provided by clients.

UNISYS

Services Rating

UNISYS

Services Rating

Industrial application support and maintenance service.

CAP Gemini

Services Rating

CAP Gemini

Services Rating

Industrial application support and maintenance based on remote desktop platform provided by clients.

IECISA

Services Rating

Informática El Corte Inglés

Services Rating

Support and maintenance service based on remote desktop platform provided by clients.

AIUKEN

Services Rating

AIUKEN

Services Rating

AIUKEN has undergone the rating of all the managed security services they provide from their SOC, being the first company in rating this kind of services.

Service rating is published in section Qualified Services

.

Sistemas Informáticos Abiertos (SIA)

Services Rating

Sistemas Informáticos Abiertos (SIA)

Services Rating

SIA has undergone the cybersecurity rating of 3 services:

· Remote Maintenance Services

· In Situ Consultancy

· Advanced CyberSecurity Services

Service rating is published in section Qualified Services

.

Telefónica

IaaS Services Rating

Telefónica

IaaS Services Rating

Infrastructure managed in the cloud (IaaS) for hosting corporate web as part of a pilot by a final user.

The Phone House

Web Services Rating [in process]

The Phone House

Web Services Rating [in process]

Cybersecurity rating of services provided by ThePhoneHouse to their customers through their website.

SAPIMSA

Services Rating

SAPIMSA

Services Rating

Industrial application support and maintenance service.

TECHEDGE

Services Rating

TECHEDGE

Services Rating

Industrial application support and maintenance service.

ECIX Group

Consulting Services Rating

ECIX Group

Consulting Services Rating

Security rating of infrastructures, facilities and informations systems for providing consulting services to their clients.

This service is considered a non-connected service and it is important to assure the cybersecurity posture because it could manage confidential or critical information on the provider systems.

GMV

Supporting Services Rating

GMV

Supporting Services Rating

Security rating of infrastructures, facilities and informations systems for providing remote and inhouse administration and support services to their clients.

FUJITSU

IaaS Services Rating [in progress]

FUJITSU

IaaS Services Rating [in progress]

Infrastructure managed in the cloud (IaaS) under the denomination of K5

ATOS Spain

Services Rating

ATOS Spain

Services Rating

Application support and maintenance as part of a pilot by a final user.

LOGALTY

Services Rating

LOGALTY

Services Rating

Online agreements signature and custody service rating as part of a pilot by a final user.

COS Mantenimiento

Services Rating

COS Mantenimiento

Services Rating

Support service to users (Help Delk)as part of a pilot by a final user.