TEIMAS maintains ISO 27001 and ENS certifications. Mónica Illobre and Vicente Quintáns explain their value, management, and cybersecurity challenges.
Information security is now one of the fundamental pillars for any technology company. At TEIMAS, this commitment is reflected in the maintenance of key certifications such as ISO 27001 and the Spanish National Security Framework (ENS), two standards that ensure data protection, the implementation of security measures, and the robustness of internal processes.
Behind this ongoing work are Mónica Illobre and Vicente Quintáns, responsible for the management and evolution of TEIMAS’ Information Security Management System (ISMS). In this interview, they explain what these certifications entail and the value they bring both to the organisation and its clients.
ISO 27001 is an international standard that sets out how to manage information security within an organisation. Its scope is very broad; it is not limited to the IT department but affects the entire company. In practice, it involves identifying risks associated with any type of asset (information, processes, technology or people) and establishing controls to protect them.
It also requires direct involvement from senior management and a thorough analysis of the organisation’s context, both internal and external. This ensures that security is treated as a cross-cutting process involving all areas of the company.
The Spanish National Security Framework (ENS), on the other hand, is a regulatory framework designed to ensure that public administrations and the systems they use meet certain security requirements. It also applies to supplier companies, meaning that many technology firms must comply with this framework in order to work with the public sector.
In our case, both certifications are supported by the ISMS (Information Security Management System) implemented at TEIMAS. This is the system that enables us to organise, measure and continuously improve how we manage security.
Yes, it is continuous work. Certifications are audited periodically, but in reality, security management takes place every day.
The company is constantly evolving: new technologies, processes and tools emerge—such as the growing use of artificial intelligence—and all of this must be integrated into the security management system. The key is ensuring that the ISMS evolves at the same pace as the business.
At the beginning, implementing this type of system can be complex, as it involves a significant amount of documentation and methodology. In fact, ENS certification includes more than 600 controls, depending on the level applied for. However, over time it becomes a structured way of managing risks and making more informed decisions.
The main assurance is that there is external and independent verification that security processes are effective and regularly reviewed.
Maintaining these certifications requires strict regulatory compliance, including the existence of security policies, vulnerability assessments, and standardised procedures for handling any type of incident.
For clients—especially those dealing with sensitive data or working with public administrations—this provides a strong guarantee of reliability and trustworthiness.
Risks change over time. At present, one of the major challenges is the impact of artificial intelligence and the new regulations emerging around its use. This introduces new uncertainties regarding how data and access should be managed.
At the same time, threats continue to grow. At TEIMAS, we carry out regular security testing, such as penetration tests and controlled attack simulations, which allow us to identify vulnerabilities before they become real issues.
Training is also essential. Security depends not only on technology but also on people and processes.
Ultimately, good security management is usually invisible. When everything works properly, it is barely noticeable. But behind that normality lies a great deal of analysis, planning and continuous improvement.