Certifications

Security and regulatory compliance

The management of communications with customers, users, and citizens involves the processing of sensitive documentation, personal data, and critical information flows. In this context, security cannot be considered an additional capability, but rather the foundation on which any CCM platform must be built. The ENS High Level, ISO 27001, and ISO 27018 certifications confirm that iberDok complies with the most demanding national and international standards in information security, risk management, and personal data protection.

ENS High Level Certification

ENS High Level

Maximum security level for critical information systems and services within the Spanish regulatory framework.

ISO 27001 Certification

ISO 27001

Audited information security management system based on risk assessment and continuous improvement.

ISO 27018 Certification

ISO 27018

Protection of personal data in cloud environments, fully aligned with GDPR requirements.

Security as a structural requirement in CCM solutions

 

Customer Communications Management platforms operate at the core of the most sensitive processes within any organization: the generation of contractual documents, regulated communications, case management, and multichannel distribution of critical information. The nature of these processes requires security to be embedded from the design stage of the solution, rather than added as an afterthought.

 

iberDok has developed its CCM platform based on this principle. Each certification obtained is the result of independent and exhaustive audits that verify that the implemented controls, procedures, and security measures are real, effective, and sustainable over time.

ENS High Level: the reference framework for security in the public sector and regulated environments

 

The National Security Scheme (ENS), established by Royal Decree 311/2022, defines the principles and minimum security requirements that information systems used by Public Administrations and their service providers must comply with. The High Level, the highest within the ENS framework, is reserved for systems whose disruption, compromise, or loss of information would have a severe or very severe impact on citizens’ rights or on the delivery of essential services.

 

iberDok’s ENS High Level certification confirms compliance with more than 70 security measures across areas such as access control, incident management, operational continuity, information encryption, and document traceability. For public bodies, as well as financial, healthcare, and insurance sector entities, and companies working with public administrations, having a CCM platform certified at ENS High Level provides an objective and verifiable assurance that simplifies evaluation, tendering, and procurement processes.

ISO 27001: systematic and audited information security management

 

The ISO/IEC 27001 standard is the international benchmark for implementing, maintaining, and continuously improving an Information Security Management System (ISMS). Unlike isolated controls, this certification requires the organization to operate a structured system that systematically identifies risks, applies proportionate controls, and demonstrates their effectiveness through periodic audits conducted by accredited certification bodies.

 

In the context of a CCM solution, ISO 27001 ensures that platform security does not depend on individual decisions or ad hoc initiatives, but on a robust, documented, and verifiable management system that addresses current cybersecurity threats and data governance challenges.

ISO 27018: protection of personal data in the cloud in compliance with GDPR

 

The ISO/IEC 27018 standard extends the principles of ISO 27001 to the specific processing of personal data in cloud computing services. This certification establishes a set of controls and guidelines aimed at ensuring that cloud providers acting as data processors apply the principles of privacy by design, usage limitation, transparency, and proactive accountability.

 

In a CCM platform such as iberDok, which manages communications that frequently include personal data of citizens, customers, and users, ISO 27018 provides contracting organizations with the legal and technical assurance that such information is processed in accordance with the requirements of the General Data Protection Regulation (GDPR) and the guidelines of European supervisory authorities.

Practical implications of a certified framework

 

The convergence of ENS High Level, ISO 27001, and ISO 27018 within a single CCM platform is uncommon in the market. This combination enables organizations adopting iberDok to rely on a solid compliance foundation that simultaneously covers system security, comprehensive information risk management, and the specific protection of personal data in cloud environments.

Document traceability
Audited record of every operation performed on managed information
Access control
Restricted and verified access to sensitive data and processes
Operational continuity
Incident recovery plans verified through auditing processes
Privacy by design
Protection of personal data embedded in the solution architecture
Regulatory compliance
Alignment with ENS, GDPR, and highly demanding sector frameworks
Verifiable assurance
Certifications issued by independent and accredited auditing bodies

iberDok: a CCM solution ready for high-demand environments

 

The simultaneous achievement of the ENS High Level, ISO 27001, and ISO 27018 certifications strengthens iberDok’s positioning as a CCM platform designed to meet the most demanding requirements in terms of security, privacy, and regulatory compliance. A value proposition aimed at public sector organizations, as well as financial, insurance, and healthcare institutions, and any entity that manages critical communications and requires objective guarantees regarding the technology platform it relies on.