References

Mapfre and LEET Security have signed a collaboration agreement to promote the use of cybersecurity rating and labelling. Mapfre will foster the rating of services it uses and LEET will offer spetial conditions to Mapfre's service providers.

Analysis of Ferrovial methodology for the technological risk management of vendors, and identifying mappings with the LEET Security rating methodology.

Practical application with rating and audit of 6 services / vendors along 2 years.

Tool development for automatization of mapping the results between rating methodology and specific security requirements depending on type and risk of service / vendor.

CNPIC at LEET Security have signed a Collaboration Agreement to allow CNPIC the use of LEET Security rating methodology to improve the contents of Infrastructure Protection Plans.

The collaboration also includes the contribution of LEET Security methodology to new reference model that would serve as the basis for the new certification of PIC.

Analysis of current purchasing management processes, for the use of the LEET Security rating methodology within the supplier control model.

Execution of various rating services in accordance with the LEET Security standard, in order to contrast the adequacy and correspondence between rating levels and Aliseda Inmobiliaria's requirements.

Supply of E-Qualify Premium codes for conducting self-evaluations by other providers.

Analysis of Repsol methodology for the technological risk management of vendors, and identifying mappings with the LEET Security rating methodology.

Practical application with rating and audit of 6 services / vendors along 2 years.

Integration of rating methodology with procurement process to be part of the concentration process that Repsol is carrying on with development providers.

RedSys is rating the core payment services that it provides to its customers. In this case, LEET Security is leading the assurance process that includes, besides cybersecurity rating, the joint assurance process of a SOC2 report for the same scope.

Infrastructure managed partly in the provider premises, partly in house in client promises

'Cloud private' service rating with add-ons needed for achieving rated level. BT has been the first Company in rating a pure cloud computing service. LEET Security has also certified that service meets ENS medium level requirements.

Service rating is published in sectionQualified Services

RSI has rated all services they offer, both to partners, customers and, even internal services.

SI has been the first company in rating their services, besides with an advanced approach, because they have done it together with a SOC2 report.

Service rating is published in section Qualified Services

EULEN has been the first company in rating the cybersecurity of a CyberIntelligence Service provided from the Advanced Cybersecurity Center. Besides LEET Security has also certified that the service is compliant with ENS.

Service rating is published in section Qualified Services

Evaluation of Public Cloud services in Europe and Infrastructure Outsourcing Services, which include the operation of mainframe systems and servers, end user services, service management, network services, security and risk management, asset management and contract management.

Through JOINT audits, the controls required by the ENS in the HIGH category and those of the LEET Security benchmark have been evaluated, thus obtaining the ENS certification and the qualification for both services.

Qualification of all service lines provided from Deloitte's CyberSOC EMEA Center, on the lines of:

Cyber Strategy

Cyber Secure

Vigilant

Cyber Resilient services

Thus leaving the entire portfolio of security services provided by Deloitte under the scope of the rating.

Acquisition of a code package for distribution among organization suppliers.

Sacyr also has an administrator user, which will allow them to know the degree of progress of the evaluations carried out by its suppliers, as well as the results obtained for the different domains, which will allow it to establish requirements for the improvement of capacities in the areas showing the main weakness.

Application Csupport and maintenance based on remote desktop platform provided by clients.

Industrial application support and maintenance service.

Industrial application support and maintenance based on remote desktop platform provided by clients.

Support and maintenance service based on remote desktop platform provided by clients.

AIUKEN has undergone the rating of all the managed security services they provide from their SOC, being the first company in rating this kind of services.

Service rating is published in section Qualified Services

SIA has undergone the cybersecurity rating of 3 services:

· Remote Maintenance Services

· In Situ Consultancy

· Advanced CyberSecurity Services

Service rating is published in section Qualified Services

Audit for ENS certification for Information Systems that support Architecture, Systems and Processes services used in the Management of Information Systems, Security and Telecommunications of Secure & View Service Clients.

The services are provided by the SOC Secure & View, surveillance center and for the management, administration and early warning of security events.

Through joint audits, the controls required by the ENS in the MEDIA category and those of the LEET Security reference have been evaluated, thus obtaining the ENS certification and the qualification for the Information Systems that support the Services of Managed Security and Security Consulting provided by ViewNext's SOC.

Industrial application support and maintenance service.

Industrial application support and maintenance service.

Security rating of infrastructures, facilities and informations systems for providing consulting services to their clients.

This service is considered a non-connected service and it is important to assure the cybersecurity posture because it could manage confidential or critical information on the provider systems.

Security rating of infrastructures, facilities and informations systems for providing remote and inhouse administration and support services to their clients.

Carrying out complete mappings between BCC's own security controls framework and LEET Security's referential, to obtain the degree of compliance with respect to the former from the detailed results of the qualified services.

A complete evaluation and qualification of several providers has been carried out, providing the results in both models. BCC will be able to know the degree of compliance with its framework by any supplier that has a qualification.