Asset inventory and ENS category determination
We build the information asset inventory — hardware, software, data, services and communications — that falls within the ENS scope for your organisation. From that inventory we assess the impact a security incident would have on the five CIDAT dimensions (confidentiality, integrity, availability, authenticity and traceability) for each service delivered to the public administration, and we determine the system category — basic, medium or high — in accordance with Annex I of RD 311/2022. This category is the starting point that determines which Annex II controls are mandatory and which conformity path you must follow.