Mapfre has received the National Security Framework (ENS) certificate from AENOR, which establishes the necessary conditions to strengthen trust in the use of information and electronic means. This achievement means that best practices have been established in the security of systems, data, communications, and electronic services, enabling the exercise of rights and the fulfillment of obligations through these channels.

This certificate, which adds to others in the field of information security, such as the ISO 27001 certification, strengthens trust among Mapfre’s customers.

The scope of the ENS certificate obtained includes the Corporate Security Division and the information systems that support the Global SOC (Security Operations Center), the operational body responsible for information security management across the entire Group. Specifically, the areas belonging to the SOC are the subject of this certification:

The Center is responsible for managing the protection of all Mapfre physical assets located in Spain through a certified Alarm Receiving Center, supervised by the Ministry of the Interior and authorized for direct connection with the Operations Centers of the State Security Forces and Corps (FCSE), in accordance with the Private Security Law.

It is also responsible for managing the Access Control System (SCA) as an activity integrated within the Alarm Receiving Center, focused on administering access to Mapfre facilities.

Management of user access and modifications for the different groups (employees, exclusive insurance agents, other agents, providers, partners, etc.) within Mapfre’s Information Systems.

This includes the monitoring, analysis, and containment of events across Mapfre’s networks and information systems.

Mapfre’s Global Security Operations Center is the entity authorized as a CERT, providing the Group with monitoring, identity management, and access control capabilities, as well as global incident response services.

This center is responsible for managing the Group’s security platforms, including network monitoring and the analysis of the network, servers, users, and applications.

Thanks to this certification, Mapfre strengthens its information security management system, confirming during the audit process its commitment to a cybersecurity strategy focused on the organization’s continuous improvement in information security matters. The certification also highlights configuration management, provider and supply chain management, proper administration and change management in information security, incident management, and authorization management for communications protection.

The AENOR certificate has been delivered to Guillermo Llorente, Group Head of Security and CISO of Mapfre. Llorente is a Lieutenant Colonel. He served as head of the Army’s Counterintelligence and Internal Security Unit, is a Staff College graduate, and is highly specialized in security, with qualifications such as the Guardia Civil Higher Intelligence Course and the Professional Risk Management Expert course. He has extensive experience and is a benchmark in security in Spain. He is part of the advisory and executive boards of numerous security associations, including ISACA, ISMS Forum, and the Madrid Cybersecurity Cloister, and is also a member of the Spanish National Cybersecurity Forum, which operates under the Government.  As CISO and CSO, he is responsible for the security of Mapfre’s information and corporate security globally, including crisis management, business continuity, and cybersecurity.

National Security Scheme (ENS), protection guarantee

Currently, there are more than 350 companies and organizations certified by AENOR under this framework across Spain, with the National Security Scheme being a mandatory law for public administrations and for their providers, thereby reinforcing trust in certified services. This requirement is particularly relevant for providers to the Public Administration, among which Mapfre is included.

Cybersecurity at Mapfre

This progress is part of a robust governance structure that Mapfre has developed to manage cybersecurity effectively. It is structured as a multi-level system that combines strategic oversight and operational execution to ensure the comprehensive management of security, privacy, and resilience risks.

The Board of Directors assumes ultimate responsibility, defining policies, risk appetite, and overseeing compliance, supported by the Risk, Sustainability, and Compliance Committee, which strengthens the monitoring and control of risks, including those related to ICT.

At the strategic operational level, the Corporate Security, Crisis, and Resilience Committee ensures the integration of security in business processes and leads crisis management, supported by specific committees and equivalent structures at the regional and local levels.

The Corporate Security Division constitutes the central execution hub, being responsible for defining standards, risk management (including cybersecurity), asset protection, business continuity, regulatory compliance, and liaison with authorities, while also performing second-line-of-defense functions.

This model is completed by the involvement of all business units and employees, who apply security measures in their daily activities, ensuring a transversal and organization-wide aligned approach.

About AENOR

AENOR contributes to the transformation of society by building trust between organizations and individuals through conformity assessment services (certification, inspection and testing), training and information, as well as business transformation consulting developed by AENOR Conocimiento. It is Spain’s leading trust-building organization, and more than 98,000 workplaces worldwide hold AENOR certificates in fields such as quality management, artificial intelligence, cybersecurity, and ESG-related areas, including criminal compliance, corporate governance, equality, environmental management, and sustainable construction.

AENOR’s key competitive advantages include the highest brand recognition among companies and consumers; having its own staff, which allows it to manage accumulated knowledge for the benefit of its clients; innovating in addressing new competitiveness gaps thanks to its proximity to sources of knowledge; and its geographical and sectoral reach.

AENOR is a global organization operating in 87 countries. In Spain, it has offices in all Autonomous Communities with its own auditors, and it has a permanent presence in 13 other countries, mainly in Latin America and Europe.