References

Mapfre
Mapfre
Mapfre and LEET Security have signed a collaboration agreement to promote the use of cybersecurity rating and labelling. Mapfre will foster the rating of services it uses and LEET will offer spetial conditions to Mapfre's service providers.

Ferrovial
Ferrovial
Analysis of Ferrovial methodology for the technological risk management of vendors, and identifying mappings with the LEET Security rating methodology.
Practical application with rating and audit of 6 services / vendors along 2 years.
Tool development for automatization of mapping the results between rating methodology and specific security requirements depending on type and risk of service / vendor.

CNPIC
CNPIC
CNPIC at LEET Security have signed a Collaboration Agreement to allow CNPIC the use of LEET Security rating methodology to improve the contents of Infrastructure Protection Plans.
The collaboration also includes the contribution of LEET Security methodology to new reference model that would serve as the basis for the new certification of PIC.

ALISEDA
ALISEDA
Analysis of current purchasing management processes, for the use of the LEET Security rating methodology within the supplier control model.
Execution of various rating services in accordance with the LEET Security standard, in order to contrast the adequacy and correspondence between rating levels and Aliseda Inmobiliaria's requirements.
Supply of E-Qualify Premium codes for conducting self-evaluations by other providers.

Repsol
Repsol
Analysis of Repsol methodology for the technological risk management of vendors, and identifying mappings with the LEET Security rating methodology.
Practical application with rating and audit of 6 services / vendors along 2 years.
Integration of rating methodology with procurement process to be part of the concentration process that Repsol is carrying on with development providers.

RedSys
RedSys
RedSys is rating the core payment services that it provides to its customers. In this case, LEET Security is leading the assurance process that includes, besides cybersecurity rating, the joint assurance process of a SOC2 report for the same scope.

DXC Technologies
DXC Technologies
Infrastructure managed partly in the provider premises, partly in house in client promises

Evolutio
Evolutio
'Cloud private' service rating with add-ons needed for achieving rated level. BT has been the first Company in rating a pure cloud computing service. LEET Security has also certified that service meets ENS medium level requirements.
Service rating is published in sectionQualified Services

Rural de Servicios Informáticos (RSI)
Rural de Servicios Informáticos (RSI)
RSI has rated all services they offer, both to partners, customers and, even internal services.
SI has been the first company in rating their services, besides with an advanced approach, because they have done it together with a SOC2 report.
Service rating is published in section Qualified Services

EULEN Seguridad
EULEN Seguridad
EULEN has been the first company in rating the cybersecurity of a CyberIntelligence Service provided from the Advanced Cybersecurity Center. Besides LEET Security has also certified that the service is compliant with ENS.
Service rating is published in section Qualified Services

IBM
IBM
Evaluation of Public Cloud services in Europe and Infrastructure Outsourcing Services, which include the operation of mainframe systems and servers, end user services, service management, network services, security and risk management, asset management and contract management.
Through JOINT audits, the controls required by the ENS in the HIGH category and those of the LEET Security benchmark have been evaluated, thus obtaining the ENS certification and the qualification for both services.

CyberSOC / Deloitte
CyberSOC / Deloitte
Qualification of all service lines provided from Deloitte's CyberSOC EMEA Center, on the lines of:
Cyber Strategy
Cyber Secure
Vigilant
Cyber Resilient services
Thus leaving the entire portfolio of security services provided by Deloitte under the scope of the rating.

SACYR
SACYR
Acquisition of a code package for distribution among organization suppliers.
Sacyr also has an administrator user, which will allow them to know the degree of progress of the evaluations carried out by its suppliers, as well as the results obtained for the different domains, which will allow it to establish requirements for the improvement of capacities in the areas showing the main weakness.

INDRA (Minsait)
INDRA (Minsait)
Application Csupport and maintenance based on remote desktop platform provided by clients.

UNISYS
UNISYS
Industrial application support and maintenance service.

CAP Gemini
CAP Gemini
Industrial application support and maintenance based on remote desktop platform provided by clients.

IECISA
Informática El Corte Inglés
Support and maintenance service based on remote desktop platform provided by clients.

AIUKEN
AIUKEN
AIUKEN has undergone the rating of all the managed security services they provide from their SOC, being the first company in rating this kind of services.
Service rating is published in section Qualified Services

Sistemas Informáticos Abiertos (SIA)
Sistemas Informáticos Abiertos (SIA)
SIA has undergone the cybersecurity rating of 3 services:
· Remote Maintenance Services
· In Situ Consultancy
· Advanced CyberSecurity Services
Service rating is published in section Qualified Services
.
Secure IT
Secure IT
Audit for ENS certification for Information Systems that support Architecture, Systems and Processes services used in the Management of Information Systems, Security and Telecommunications of Secure & View Service Clients.
The services are provided by the SOC Secure & View, surveillance center and for the management, administration and early warning of security events.

ViewNext
ViewNext
Through joint audits, the controls required by the ENS in the MEDIA category and those of the LEET Security reference have been evaluated, thus obtaining the ENS certification and the qualification for the Information Systems that support the Services of Managed Security and Security Consulting provided by ViewNext's SOC.

SAPIMSA
SAPIMSA
Industrial application support and maintenance service.

TECHEDGE
TECHEDGE
Industrial application support and maintenance service.

ECIX Group
ECIX Group
Security rating of infrastructures, facilities and informations systems for providing consulting services to their clients.
This service is considered a non-connected service and it is important to assure the cybersecurity posture because it could manage confidential or critical information on the provider systems.

GMV
GMV
Security rating of infrastructures, facilities and informations systems for providing remote and inhouse administration and support services to their clients.

BCC Cajamar
BCC Cajamar
Carrying out complete mappings between BCC's own security controls framework and LEET Security's referential, to obtain the degree of compliance with respect to the former from the detailed results of the qualified services.
A complete evaluation and qualification of several providers has been carried out, providing the results in both models. BCC will be able to know the degree of compliance with its framework by any supplier that has a qualification.