As part of its ongoing commitment to the continuous improvement of its Integrated Management System, INGECID has obtained the UNE-EN ISO/IEC 27001:2017 certification for Information Security Management Systems. This new certification adds to those the company already held: ISO 9001, ISO 14001, UNE 166002, and UNE 73401.

This internationally recognized certification attests to INGECID’s effective management of assets and the implementation of appropriate controls for their protection, as defined in its Statement of Applicability. The ISO/IEC 27001:2013 international standard specifies the requirements for establishing, implementing, maintaining, and continuously improving an information security management system (ISMS). It also defines the requirements for assessing and addressing information security risks in line with an organization’s specific needs.

During the certification process, the following actions were carried out:

  • Preliminary assessment of INGECID’s existing management system.
  • Identification of legislative and regulatory requirements.
  • Preparation of an asset inventory.
  • Development of an information security risk assessment and action plan.
  • Preparation of the Statement of Applicability, implementing all controls indicated in UNE-EN ISO/IEC 27002:2017, with no exclusions.

As part of the integration of the Information Security Management process, new procedures and instructions were developed, including:

  • Information Security Procedure, detailing the methodology used to inventory and classify assets, manage risks, and establish appropriate controls.
  • Internal Information Security Policy Instruction.
  • Business Continuity Plan.
  • Formation of the Information Security Committee.

In addition, several existing procedures were reviewed and enhanced, notably:

  • Communication procedure.
  • Infrastructure procedure.
  • Nonconformities procedure, updated to include the detection and management of information security incidents.
  • Document control procedure.
  • Procurement procedure, updated to address information security and data protection requirements.
  • Audit procedure, including the performance of an annual internal audit.

The proper implementation of these improvements across all company departments was reinforced through various awareness and training initiatives for all employees.

Finally, Bureau Veritas, an entity accredited by ENAC, conducted the external certification audits in two phases, granting INGECID certification of its management system in accordance with UNE-EN ISO/IEC 27001:2017 requirements, valid through 2025.

This achievement reaffirms INGECID’s strong commitment to information security across its internal processes and services, as well as to compliance with legal requirements and client expectations in the most demanding and competitive sectors—design, training, and software development in civil and nuclear engineering.

INGECID shares its innovative experiences using the BIM methodology on Bilbao’s Southern Metropolitan Bypass
INGECID contributes its vision on the perspective of nuclear energy in Spain to summer courses at Menéndez Pelayo International University (UIMP)

YOUR NEXT BIG PROJECT STARTS HERE

/ Let’s discuss how our solutions can help you achieve your goals.

/ Extensive experience across multiple sectors

LATEST NEWS

  • ENEC awards to INGECID in ARAB EMIRATES
    22/07/2025
    ENEC engages INGECID to take part in a strategic study for spent fuel storage in the United Arab Emirates

  • 18/06/2025
    INGECID Internationalization Award at the Cantabria 2025 SME of the Year Awards
  • 13/03/2025
    INGECID at the "BIM methodology applied to public procurement” conference