Asset inventory and ENS category determination
We build the information asset inventory — hardware, software, data, services and communications — that falls within the ENS scope for your organisation. We assess the impact a security incident would have on the five CIDAT dimensions (confidentiality, integrity, availability, authenticity and traceability) for each service delivered to Bilbao City Council, the Diputación Foral de Bizkaia, the Basque Government or UPV/EHU, and determine the system category — basic, medium or high — in accordance with Annex I of RD 311/2022. This category sets which Annex II controls are mandatory and which conformity path you must follow.