About us
We are a team with more than twenty years of experience dedicated exclusively to cybersecurity and regulatory compliance. We keep companies and administrations up to date with ISO 27001, the ENS, NIS2 or DORA, we put their systems and those of their suppliers to the test, and we respond when something happens. We are on the side of those who have to protect their organisation.
A certified, close-knit team, with no middlemen, across Spain.
What we do
We do not sell a standalone tool or a report that ends up in a drawer. We support your organisation across the whole cycle: from compliance to response, including putting what you already have, and whoever serves you, to the test.
We bring your organisation up to date with ISO 27001, the ENS, NIS2 or DORA, and leave it ready to pass any audit, not just to clear one once.
Regulatory complianceA master plan, risk analysis and an external CISO who decides what to protect, governs risk and answers to management.
Governance and strategyWe think like an attacker. Pentesting and red team on your applications, your infrastructure and your OT environments, so you know what to fix before they do.
Offensive securityMany of your systems are set up by a supplier. We check that they do it properly and, if not, we tell them how it should be done. And we assess the security of your entire supplier chain, exactly what NIS2 and DORA demand.
Risk analysisManaged detection and response, around the clock, so there is someone watching when you cannot and acting when needed.
Managed cybersecurityMost incidents start with a person. We train your team and your management so the human link stops being the weakest one.
Awareness and trainingWhat we believe in
We are not defined by a catalogue of services, but by the way we deliver them. These are the convictions we work with on every project.
We only do cybersecurity. By not spreading ourselves across other things, we reach a level of detail that a generalist profile cannot match.
We do not depend on any vendor or integrator. We are here to protect your organisation, not to sell you product, so when we review what has been set up for you, we tell you the truth.
No templates. Every project is designed for your reality, your size and your moment, not for someone else.
We speak plainly, with no jargon and no fine print. You deal with someone who understands your problem and is going to solve it.
Why they trust us
We have spent more than twenty years implementing, auditing and operating the security of public and private organisations. We know what the auditor will look at because we have sat on their side of the table many times. And yes: we go through ours too.
Regulatory depth. From NIS2 and DORA to TISAX and ISO 42001, each framework with its own service, not as an appendix to another.
Both sides of the audit. We implement systems and we audit them: we know the questions before they arrive.
Judgement from many houses. By protecting many organisations, we see patterns and solutions that a team from a single one never gets to know.
Method
The same path across every service, from the one-off pentest to the complete management system.
We listen to your situation: what applies to you, what worries you and what you have already built.
A clear proposal, with scope, priorities and budget. No fine print.
We work with you, we tell you what we are finding along the way and we close with results you can defend.
Carry on here
This is the story. If you want to go into detail, carry on with one of these pages.
The certifications and seals that back up what we do: ISO 27001, ENS high category, INCIBE and the team qualifications.
See accreditationsIf this is your field and you want to do it in depth, we want to meet you.
See how to joinQuestions
Cybersecurity and regulatory compliance, and only that. We cover the whole cycle: compliance (ISO 27001, ENS, NIS2, DORA), governance and strategy, offensive security, managed cybersecurity, awareness and business continuity.
A single focus and both sides of the audit: we implement and we audit, so we know what the auditor looks for before they arrive. And we are independent, not tied to any vendor, so we verify what your suppliers configure for you without any conflict of interest.
With the main ones: ISO 27001, the ENS, NIS2 and DORA, as well as TISAX, ISO 42001 and the GDPR. Each framework with its own service, not as an appendix to another.
Companies and public administrations, in Navarra and across Spain, remotely and on site, and companies operating in Europe.
Yes. We check that what a third party configures for you is properly done and, if not, we tell them how it should be done. We also assess the security of your entire supplier chain, as NIS2 and DORA require.
Shall we talk about your security?
Tell us how your organisation is today and what worries you, and we will suggest where to start. No commitment and no jargon.
Get in touch