Normative compliance – Caberseg

Normative compliance

Home/Computer security services/Normative compliance

Advice and Audit in relation to the regulatory aspects, national and international laws and regulations that substantially affect the Information Systems, and in particular, the security and control measures. In most cases they require a process of adaptation of the same as the establishment of audits and periodic maintenance.

At the moment, the awareness that has been reached regarding compliance with the Organic Law of Protection of Personal Data is already quite high. All the Entities know the important repercussions of this law, and most of them have taken action in this regard.
However, many of these are insufficient or inefficient, and a full review of the measures carried out reflects weaknesses that could lead to significant sanctions.Posing a correct strategy is therefore fundamental, being essential to give sufficient relevance to legal adaptation, technical procedures, biennial regulatory audit or maintenance of the Security Document.
In this sense, Caberseg offers a vast experience in this area, which position us as a reference in knowledge, equipment, tools used or market references.

Within this section, we can distinguish the following services:


In this service will proceed to perform the following actions:

Analysis of the data processed by your company.
Determination of Applicable Safety Level.
Registration of the Personal Data Files in the AEPD.
Elaboration of the Security Document.
Adaptation of your Company Documentation (forms for collecting personal data, contracts, clauses to incorporate all types of contracts, such as payroll commercial contracts and any others that involve the collection of personal data …).


This service will analyze the compliance level with respect to Royal Decree 1720/2007 for medium and high ownership files of the Entity. Issuing the corresponding biennial audit report, which should be available to the Spanish Data Protection Agency.


This service entails the implementation and follow-up of the actions to be carried out to comply with the LOPD, the carrying out of the periodic checks required by the R.D. 1720/2007, the updating of the documentation based on the results of the checks carried out, the training of the Entity’s personnel, as well as the resolution of any legal consultation regarding the LOPD, which may arise.

Its purpose is to define the common minimum requirements for Internet payment services defined by the European Central Bank (ECB), irrespective of the device used, including:

  •  Credit cards
  •  Transfers
  •  e-Mandatos
  •  Electronic Money

The audits consist of analyzing the recommendations of the BCE, indicating, for each of the controls, the degree of compliance (compliance, partial compliance, non-compliance or non-compliance) as well as the recommendations to be taken into account in case of non-compliance In the ECB’s recommendations.

On October 12, 2002 Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce (LSSI-CE) came into force, practically in its entirety.

This Law has many areas of action. Among others, it affects all those companies that own a web page, since the services they provide through it, directly or indirectly, are part of the scope of their commercial or professional activity, and therefore bring economic benefits or promotion of their activity.

It also regulates expressly, the sending of emails.

With regard to the Law on Measures to Promote the Information Society (LISI), it entered into force on 29 December 2007. This legislation entails the amendment of the LSSI-CE (Art. 12 bis) of March 29, 2007.

This regulatory framework, being intimately related to the internal and external systems and processes of companies, especially affects companies included in any of the following sectors:

Financial entities (Banking, financial assets …).
Gas, Water, Telephone, Electricity (energy market operators).
Travel agencies, transport.
Retail trade activities.

Within this section, we can distinguish the following services:


Analysis and definition of obligations for the company, legal recommendations, drafting of web site security policy, review and / or drafting of third party contracts of treatment, legal clauses, etc.


Based on the level of compliance with the Law on Services of the Information Society and Electronic Commerce (LSSI-CE) and the Law on Measures to Promote the Information Society (LISI), an audit report will be issued with The weaknesses detected, as well as our recommendation on how to remedy them.

Nowadays, the widespread use of the Internet causing changes in all branches of law so it is necessary to adapt to maintain the activity that is developed on the Internet.

Our group of lawyers possesses specialization in laws and the use of new technologies in law, as well as the implications that these can have on organizations.

Some of the aspects that are influenced are:

  • Online recruitment
  • E-commerce
  • Data Protection
  • Intellectual property and content management
  • Digital signature
  • Content protection on websites


Advise, adapt, review, maintain and audit the application of the National Security Scheme on the electronic means of the Public Administrations that give access to Public Services.


Advise on the establishment of principles and guidelines for interoperability in the exchange and conservation of electronic information by Public Administrations.

Following the latest regulatory changes and alterations in business models globally, the implementation of a compliance culture as well as the establishment of control and enforcement measures has become one of the priorities for companies, regardless of their sector.

On the other hand, special reference should be made to the introduction in our legal system of the Criminal Responsibility of Legal Persons, in charge of the reforms of the Penal Code, which poses a theoretical challenge for the Administration of Justice as well as a challenge for the companies, which must implement models of prevention of criminal risks that allow them not only to delve into the Culture of Compliance, but also to be exempt from a possible criminal conviction.

To this end, Caberseg offers its clients a range of services designed to adapt all types of companies to this new reality.

In this sense, our services are directed to the Implantation, Development and Review of Models of Prevention of Criminal Risks, and more concretely:

  • Development and updating of Criminal Risk Maps.
  • Elaboration of Internal Procedures on compliance.
  • Elaboration of Codes of Conduct and internal regulations.
  • Analysis and improvement of procedures and controls implemented.
  • Administration and external processing of complaint channels.
  • Periodic review of the operation of the Models of Prevention of Criminal Risks.
  • Consultancy on Criminal Responsibility of the Legal Entity.

For all this, Caberseg has professionals trained in this new legal area and with the experience acquired as a result of their participation in projects and works in different sectors (banking, health, industrial, etc.)

Critical Infrastructure Protection, MIFID, Prevention of Money Laundering, Sarbanes Oxley, Basel III, Solvency II, …