The LEET Stamp is a label that materializes and shows the level of cybersecurity that a provider has in a qualified service.
The LEET Stamp gives a "score" to the security measures integrated by the supplier in the construction and operation of the service. Other mechanisms only certify the implementation of management procedures (such as the ISO/IEC 27001 certification) or certify product characteristics (Common Criteria certification), but in no case do they establish a quantitative assessment or show the security level of a given service with regard to the information or data being handled.
In practical terms, it is like a hotel: it requires an opening license, but as clients we want to know how many stars it has before making our reservation. In the same way, an ICT service must also be provided by an authorized company (and possibly have an ISO 27001 certification), and the LEET Stamp indicates not only the number of stars, but also an evaluation of its rooms, restaurant and auxiliary facilities. Thus, higher rating levels imply a lower probability that the service will suffer an incident, but more importantly, a greater capability of the provider to restore normal service in less time.
The entire methodology, the evaluation criteria and the registry of services are public, which provides total transparency when it comes to assessing and comparing different services when selecting your ICT providers.
The rating system managed by LEET Security becomes the first implementation of the recommendation of the EU Cybersecurity Strategy to create ICT security labeling systems.
This rating is awarded in three dimensions: Confidentiality, Integrity and Availability. The LEET Seal shows the assessment obtained by the qualified service in each of them, based on the security and continuity measures implemented, expressed by three letters, from A+ (corresponding to the highest level) to D (the most basic one).
LEET Security's objective is to facilitate the processes of contracting ICT services by simplifying the evaluation of their security.
LEET Security addresses the lack of an objective system that standardizes the criteria and minimizes inequalities in the selection process among companies that compete in the ICT services market, avoiding adverse selection.
Through its seal, the LEET Security agency labels the different ICT services offered by providers based on an exhaustive and rigorous evaluation of the security measures they incorporate, the reliability of the provider and the resilience mechanisms applied.
From the customer's perspective: How to compare two similar services? Will the contracted services I seek have the level of security I need? What happens if the supplier suffers an incident?
From the provider's perspective: How can I guarantee confidence in my services? How to differentiate myself from the competition based on my investments in security? How can I segment my offer?
Promotes transparency: All users can know the rating levels of a service and have a complaint mechanism in case of non-compliance with the necessary conditions.
Limits the usual conflict of interest in trusted third parties: The security system, based on supervised self-assessment, reduces the possibility of conflict of interest and places the responsibility on the side of the provider of services.
Simplifies the understanding of the level of security: An expert is not required to assess whether the service to be contracted is the appropriate one for the risk profile pursued.
Reduces implementation costs: The supervised self-assessment model allows providers to enroll without having to face large adaptation costs.
Rationalizes the audit process: By using a rating system that incorporates the controls of the most widely used regulations and standards, ICT service providers can simplify their audit processes, avoiding repetitive tests (the "audit once and use multiple" principle).
The LEET Security rating system, developed in 2010 and in continuous evolution, is recognized by the European Agency for Network and Information Security and is registered as a trust mechanism in the National Institute of Cybersecurity (INCIBE).
The qualification methodology complies with UNE 71381:2016, "Information technology. Cloud computing. Labelling systems".