Certifications and standards (ISO, ENS, NIS2, DORA)
Support in obtaining and adapting to certifications and standards such as ISO, ENS, NIS2 and DORA, as well as in drafting Codes of Conduct and Binding Corporate Rules (BCR) for multinational structures.
How we work
Our methodology for this service
Analysis of applicable standards
We assess which standards and certifications are relevant for the client — ISO 27001, ENS, NIS2, DORA, BCR — based on their sector, activity and relationships with customers or public administrations.
Gap analysis against the standard
We conduct a detailed analysis of the client's current situation against the standard's requirements to identify the gaps that must be closed before starting the certification process.
Implementation of controls and documentation
We support the client in implementing the controls and preparing the documentation needed to meet the standard's requirements, coordinating with technical teams when necessary.
Preparation and support for the certification audit
We prepare the client for the external certification audit, conduct internal dry runs and provide support during the audit process to ensure a successful outcome and subsequent maintenance of certification.
Who this is for
Technology providers and digital service companies needing certifications to access public tenders, financial entities subject to DORA, essential service operators subject to NIS2, and public sector organisations required to comply with the National Security Framework (ENS).
Why MES Legal?
- Specialist lawyers with proven expertise in each practice area
- Offices in Barcelona and Madrid with national coverage throughout Spain
- Results-oriented, practical approach with clear risk management
- Direct professional relationship — no large-firm layers or intermediaries
Other services in this area
- GDPR and LOPDGDD implementation
Design and implementation of a data protection policy tailored to the client's operational reality, whatever their sector: commercial, financial, real estate, healthcare, educational, legal, technology or industrial. Preparation of all documentation required for effective and proportionate compliance.
- Privacy legal and contractual documentation
Drafting and review of data processing agreements, information notices, privacy policies, legal disclaimers, internal protocols and other legal and organisational documents required for the client's activity.
- Records of Processing Activities (RoPA)
Preparation, review and ongoing maintenance of the Records of Processing Activities, ensuring it accurately reflects the processing carried out by the entity and remains aligned with the evolution of its operations and regulatory obligations.
- Risk analysis and Data Protection Impact Assessments (DPIA)
Audits, risk analyses and Data Protection Impact Assessments for processing operations that may significantly affect individuals' rights and freedoms. Identification of vulnerabilities and corrective measures to anticipate contingencies and strengthen compliance.