Spanish National Guidelines for Reporting and Managing Cyber Incidents

Posted date 28/04/2020

This document provides Information Security Officers (ISOs) with guidelines for complying with the obligation to report cybersecurity incidents that have taken place within Public Administrations, critical infrastructures and strategic operators under their purview, as well as the rest of the entities included in the scope of application of Spanish Royal Decree-Law 12/2018.

The purpose of these guidelines is to create a reference framework agreed upon by the competent national bodies in the field of cybersecurity incident reporting and management. The framework is in line with Spanish regulations, European transpositions, and documents issued by supranational bodies that seek to harmonize cybersecurity incident response capabilities.

The Guidelines are established as a minimum reference in which every entity, public or private, and every citizen or body can find an outline and detailed guidance on how to report a cybersecurity incident within their area of influence, and to whom.