Mapfre

Collaboration Agreement

Mapfre

Collaboration Agreement

Mapfre and LEET Security have signed a collaboration agreement to promote the use of cybersecurity rating and labelling. Mapfre will foster the rating of services it uses and LEET will offer spetial conditions to Mapfre's service providers.

Ferrovial

Vendor Risk Management

Ferrovial

Vendor Risk Management

Analysis of Ferrovial methodology for the technological risk management of vendors, and identifying mappings with the LEET Security rating methodology.

Practical application with rating and audit of 6 services / vendors along 2 years.

Tool development for automatization of mapping the results between rating methodology and specific security requirements depending on type and risk of service / vendor.

CNPIC

Collaboration Agreement

CNPIC

Collaboration Agreement

CNPIC at LEET Security have signed a Collaboration Agreement to allow CNPIC the use of LEET Security rating methodology to improve the contents of Infrastructure Protection Plans.

The collaboration also includes the contribution of LEET Security methodology to new reference model that would serve as the basis for the new certification of PIC.

ALISEDA

Vendor Risk Management, VRM.

ALISEDA

Vendor Risk Management, VRM.

Analysis of current purchasing management processes, for the use of the LEET Security rating methodology within the supplier control model.

Execution of various rating services in accordance with the LEET Security standard, in order to contrast the adequacy and correspondence between rating levels and Aliseda Inmobiliaria's requirements.

Supply of E-Qualify Premium codes for conducting self-evaluations by other providers.

Repsol

Vendor Risk Management

Repsol

Vendor Risk Management

Analysis of Repsol methodology for the technological risk management of vendors, and identifying mappings with the LEET Security rating methodology.

Practical application with rating and audit of 6 services / vendors along 2 years.

Integration of rating methodology with procurement process to be part of the concentration process that Repsol is carrying on with development providers.

RedSys

Payment Processing Services Rating

RedSys

Payment Processing Services Rating

RedSys is rating the core payment services that it provides to its customers. In this case, LEET Security is leading the assurance process that includes, besides cybersecurity rating, the joint assurance process of a SOC2 report for the same scope.

DXC Technologies

Outsourcing Services Rating

DXC Technologies

Outsourcing Services Rating

Infrastructure managed partly in the provider premises, partly in house in client promises

Evolutio

IaaS Services Rating & ENS Certification

Evolutio

IaaS Services Rating & ENS Certification

'Cloud private' service rating with add-ons needed for achieving rated level. BT has been the first Company in rating a pure cloud computing service. LEET Security has also certified that service meets ENS medium level requirements.

Service rating is published in sectionQualified Services

Rural de Servicios Informáticos (RSI)

Services Rating

Rural de Servicios Informáticos (RSI)

Services Rating

RSI has rated all services they offer, both to partners, customers and, even internal services.

SI has been the first company in rating their services, besides with an advanced approach, because they have done it together with a SOC2 report.

Service rating is published in section Qualified Services

EULEN Seguridad

CyberIntelligence Service Rating & ENS Certification

EULEN Seguridad

CyberIntelligence Service Rating & ENS Certification

EULEN has been the first company in rating the cybersecurity of a CyberIntelligence Service provided from the Advanced Cybersecurity Center. Besides LEET Security has also certified that the service is compliant with ENS.

Service rating is published in section Qualified Services

IBM

ENS Qualification and Certification

IBM

ENS Qualification and Certification

Evaluation of Public Cloud services in Europe and Infrastructure Outsourcing Services, which include the operation of mainframe systems and servers, end user services, service management, network services, security and risk management, asset management and contract management.

Through JOINT audits, the controls required by the ENS in the HIGH category and those of the LEET Security benchmark have been evaluated, thus obtaining the ENS certification and the qualification for both services.

CyberSOC / Deloitte

Services Rating

CyberSOC / Deloitte

Services Rating

Qualification of all service lines provided from Deloitte's CyberSOC EMEA Center, on the lines of:

Cyber Strategy

Cyber Secure

Vigilant

Cyber Resilient services

Thus leaving the entire portfolio of security services provided by Deloitte under the scope of the rating.

SACYR

E-Qualify Premium for providers

SACYR

E-Qualify Premium for providers

Acquisition of a code package for distribution among organization suppliers.

Sacyr also has an administrator user, which will allow them to know the degree of progress of the evaluations carried out by its suppliers, as well as the results obtained for the different domains, which will allow it to establish requirements for the improvement of capacities in the areas showing the main weakness.

INDRA (Minsait)

Services Rating

INDRA (Minsait)

Services Rating

Application Csupport and maintenance based on remote desktop platform provided by clients.

UNISYS

Services Rating

UNISYS

Services Rating

Industrial application support and maintenance service.

CAP Gemini

Services Rating

CAP Gemini

Services Rating

Industrial application support and maintenance based on remote desktop platform provided by clients.

IECISA

Services Rating

Informática El Corte Inglés

Services Rating

Support and maintenance service based on remote desktop platform provided by clients.

AIUKEN

Services Rating

AIUKEN

Services Rating

AIUKEN has undergone the rating of all the managed security services they provide from their SOC, being the first company in rating this kind of services.

Service rating is published in section Qualified Services

Sistemas Informáticos Abiertos (SIA)

Services Rating

Sistemas Informáticos Abiertos (SIA)

Services Rating

SIA has undergone the cybersecurity rating of 3 services:

· Remote Maintenance Services

· In Situ Consultancy

· Advanced CyberSecurity Services

Service rating is published in section Qualified Services

.

Secure IT

ENS Certification

Secure IT

ENS Certification

Audit for ENS certification for Information Systems that support Architecture, Systems and Processes services used in the Management of Information Systems, Security and Telecommunications of Secure & View Service Clients.

The services are provided by the SOC Secure & View, surveillance center and for the management, administration and early warning of security events.

ViewNext

ENS Certification

ViewNext

ENS Certification

Through joint audits, the controls required by the ENS in the MEDIA category and those of the LEET Security reference have been evaluated, thus obtaining the ENS certification and the qualification for the Information Systems that support the Services of Managed Security and Security Consulting provided by ViewNext's SOC.

SAPIMSA

Services Rating

SAPIMSA

Services Rating

Industrial application support and maintenance service.

TECHEDGE

Services Rating

TECHEDGE

Services Rating

Industrial application support and maintenance service.

ECIX Group

Consulting Services Rating

ECIX Group

Consulting Services Rating

Security rating of infrastructures, facilities and informations systems for providing consulting services to their clients.

This service is considered a non-connected service and it is important to assure the cybersecurity posture because it could manage confidential or critical information on the provider systems.

GMV

Supporting Services Rating

GMV

Supporting Services Rating

Security rating of infrastructures, facilities and informations systems for providing remote and inhouse administration and support services to their clients.

BCC Cajamar

Vendor Risk Management, VRM.

BCC Cajamar

Vendor Risk Management, VRM.

Carrying out complete mappings between BCC's own security controls framework and LEET Security's referential, to obtain the degree of compliance with respect to the former from the detailed results of the qualified services.

A complete evaluation and qualification of several providers has been carried out, providing the results in both models. BCC will be able to know the degree of compliance with its framework by any supplier that has a qualification.