by Rebeca | Apr 29, 2025 | cybersecurity, iam, News, soffid
Soffid’s achievement of ENS-ALTO and Common Criteria certifications marks a milestone not only for our company but also for the organisations that trust our technology.
These certifications offer practical, tangible benefits for both public sector entities and private companies, particularly in a context where cybersecurity, regulatory compliance, and digital trust are more critical than ever.
Here is how these certifications deliver real-world impact:
1. Greater competitiveness in public tenders
Public administrations in Spain are required to comply with the National Security Framework (ENS), under Royal Decree 311/2022, for any systems handling sensitive or classified information.
When a technology provider like Soffid holds the ENS-ALTO (CPSTIC) certification, public sector organisations using our solutions can:
- Simplify compliance with technical specifications in tender processes.
- Ensure automatic conformity for requirements demanding High-Level certified solutions.
- Reduce timeframes and risks during internal validation and approval stages.
Result:
Partnering with Soffid not only facilitates access to public sector opportunities but also improves technical evaluation scores and enables safer, faster adoption of secure digital services.
2. Reinforced regulatory compliance for private organisations
The Common Criteria (ISO/IEC 15408) certification provides private companies — particularly those operating in regulated industries such as finance, energy, healthcare, telecommunications, and defence — with a significant strategic advantage:
- Simplifies internal and external security audits.
- Demonstrates compliance with regulatory frameworks like GDPR, ISO 27001, NIS2, PCI-DSS, and others.
- Provides additional assurance to clients, partners, regulators, and auditors.
Result:
Implementing Common Criteria-certified solutions enables organisations to objectively demonstrate their commitment to data protection, secure identity management, and cyber resilience.
3. Enhanced digital trust and market differentiation
In an environment where digital trust has become a cornerstone of business sustainability, working with a certified provider delivers immediate value:
- Third-party verified technical trust: Independent assessments ensure that Soffid meets the highest security standards.
- Enhanced corporate reputation: Partnering with certified vendors strengthens the organisation’s image with clients, investors, and stakeholders.
- Lower cybersecurity risk exposure: More robust solutions translate into fewer vulnerabilities and reduced threat exposure.
Result:
Organisations that integrate Soffid into their infrastructure position themselves as committed, trusted leaders in security and compliance.
Conclusion
Choosing a technology partner like Soffid, certified both nationally (ENS-ALTO) and internationally (Common Criteria), today represents a clear competitive advantage.
Beyond meeting regulatory requirements, these certifications prove a strong commitment to technical excellence, digital asset protection, and building trust in an increasingly interconnected and demanding world.
▶ Learn how our certifications can help your organisation move forward with security and confidence.
by Rebeca | Apr 22, 2025 | Customer, cybersecurity, News, soffid
The General Intervention Board of the Spanish State Administration (IGAE) joins the growing network of public institutions that trust Soffid IAM to strengthen their cybersecurity strategy. This new agreement, formalized through our technology partner CGI, covers 100,000 managed identities, reinforcing Soffid’s position as a European leader in identity and access management (IAM) for the public sector.
A strategic move toward control and security
As a key body within the Ministry of Finance responsible for financial oversight of the Spanish public sector, IGAE required a solution that ensures traceability, regulatory compliance, and full control over access to its most critical systems.
With Soffid IAM, IGAE benefits from:
- An on-premises IAM platform that reinforces technological sovereignty and enables autonomous, secure management.
- Identity governance fully aligned with the requirements of the Spanish National Security Framework (ENS).
- Privileged Access Management (PAM) to protect critical accounts and reduce the risk of unauthorized access.
In addition, this implementation will extend protection to more than 200 entities already integrated with IGAE, ensuring a broader, more cohesive cybersecurity framework across the institutional network.
A project that strengthens European technological autonomy
In today’s landscape—where cybersecurity is a national priority—IGAE’s decision to choose Soffid, one of the three European IAM platforms tracked by Gartner, highlights a firm commitment to tools developed and managed entirely in Europe, ensuring full independence from third countries.
Our partner CGI, with extensive experience in the field of cybersecurity, has been key to the execution of the project, providing deep specialized expertise and strategic support throughout all phases of the deployment.
Soffid: Identity made simple. Security made smarter.
This agreement with IGAE is yet another example of how Soffid IAM, through technology, expertise, and vision, empowers public institutions in their digital transformation journey—offering modular, secure, and efficient solutions tailored to each environment.
Because identity management doesn’t have to be complex.
With Soffid, it’s simpler. And smarter.
by Rebeca | Apr 14, 2025 | News, soffid
At Soffid, we take another step forward in our commitment to cybersecurity by obtaining both ENS-ALTO and Common Criteria certifications for our IAM and PAM solutions. These achievements reinforce our technical and strategic vision, and strengthen the trust placed in our platform by organisations that manage critical infrastructures.
Soffid is now the only European company to simultaneously hold the ENS High-Level (ENS-ALTO) certification and the internationally recognised Common Criteria (ISO/IEC 15408) standard—two of the most rigorous frameworks in the field of information security.
Dual validation with real-world impact
The ENS-ALTO certification, granted by Spain’s National Cryptologic Centre (CCN), confirms that our solutions comply with the highest standards of the National Security Framework (ENS), which is mandatory for public sector systems handling sensitive or classified information.
Meanwhile, Common Criteria is a global benchmark for IT product security, recognised by over 30 countries through the Common Criteria Recognition Arrangement (CCRA). Earning this certification means successfully passing a demanding, independent evaluation process—something that only a small number of vendors achieve.
Together, these certifications validate our ability to secure highly regulated environments across both the public and private sectors, including government agencies, healthcare institutions, financial services, energy providers, and telecommunications firms.
Security that goes beyond compliance
Rather than a final destination, these certifications are a natural outcome of our long-term technical strategy. As our CTO, Gabriel Buades, puts it:
“These certifications are the result of a long-term technological strategy—not a race to tick boxes.”
Since day one, we’ve embraced a clear vision based on three key principles:
- High-level security
- Operational simplicity
- Efficiency in identity lifecycle management
This approach allows us to deliver a robust, flexible platform that integrates seamlessly into complex architectures and facilitates regulatory compliance without adding unnecessary friction to our clients’ processes.
European technology for a global landscape
As Europe strengthens its focus on technological sovereignty, having a solution like Soffid—designed and developed entirely in Europe—is more important than ever. It’s not only about meeting today’s requirements but about building a future-ready identity governance model.
We’re proud to support organisations on that path with a solution that brings together innovation, trust, and strategic vision.
by Rebeca | Apr 8, 2025 | News, soffid
From April 28 to May 1, Soffid IAM will take part in one of the world’s leading cybersecurity events: RSA Conference 2025, held at the Moscone Center in San Francisco (USA).
Under the theme “Many Voices. One Community”, this year’s edition is expected to gather more than 41,000 attendees, 600 startups, 650 international speakers, and nearly 400 specialized media outlets, consolidating its role as a key meeting point for innovation, strategic reflection, and global collaboration in the sector.
A meeting place for the voices building the future of cybersecurity
This year, Soffid will be part of the Spain Pavilion, coordinated by ICEX and INCIBE, in collaboration with 21 companies that represent the technological strength of the Spanish cybersecurity ecosystem.
You’ll find us at Booth S-0642, in the Moscone South Expo Hall, where our team will showcase the capabilities of our Identity and Access Management (IAM) platform — a robust, flexible, and fully European solution that enables public and private organizations to simplify access management and ensure regulatory compliance with complete security.
European technology, global vision
Our participation in RSAC reinforces Soffid’s position as a world-class IAM platform, implemented by governments, critical infrastructures, and large enterprises across the globe. We will be sharing how our technology contributes to European digital sovereignty, reduces operational complexity, and provides full control over the identity lifecycle.
In an increasingly demanding global environment, IAM solutions must be able to adapt to heterogeneous systems, integrate multiple data sources, and respond quickly to any threat. At Soffid, we’ve been helping our clients achieve this for over two decades.
See you in San Francisco
If you’re attending RSA Conference 2025, we’d love to meet you in person.
📍 Booth S-0642 – Spain Pavilion
📍 Moscone South Expo Hall
📍 San Francisco, California (USA)
Let’s talk identity. Let’s meet at RSAC.
by Rebeca | Apr 1, 2025 | cybersecurity, iam, soffid
In the world of cybersecurity, small mistakes can lead to big consequences. And when it comes to identity management, even a minor bug—or a human error—can escalate into system-wide disruptions, affecting thousands of users or critical infrastructure.
At Soffid IAM, we believe that simplifying identity governance means eliminating errors before they become vulnerabilities.
Identity management: when a bug becomes a breach
A software glitch in a video game might be a harmless quirk. But in IAM, it can result in locked-out users, excessive access rights, or uncontrolled privilege escalation. In sectors like healthcare, finance, or public administration, these issues can lead to operational risks, data loss, or compliance failures.
What causes identity-related errors—and how to prevent them
-
Lack of specialized training
IAM is not just another IT function. It requires deep knowledge of each organization’s processes, systems, and the identity platform itself. Without proper training, engineers miss critical dependencies. That’s why Soffid empowers customers and partners through continuous enablement.
-
Limited testing environments
Relying on production environments for testing is a dangerous shortcut. Many organizations skip realistic test setups due to budget or time constraints, exposing themselves to higher risks. At Soffid, we encourage investing in pre-production environments that mirror real systems.
-
Unexpected third-party changes
In the cloud era, integrations can break overnight if a provider modifies their APIs or policies. This is why identity governance must be a shared responsibility across all IT stakeholders—and must be monitored proactively.
-
Poorly designed test scenarios
A common trap: testing what’s supposed to work, not what might go wrong. Thorough unit, integration, and user acceptance testing are vital. We’ve seen real cases where a missing “WHERE” clause disabled every user account instead of just one. The solution? Smarter testing.
From chaos to control, with precision and purpose
Identity security leaves no room for improvisation. At Soffid, we build environments where stability, traceability, and automation reduce human error and strengthen every access decision.
Our approach:
-
Train constantly
-
Create robust test environments
-
Involve every stakeholder
-
And above all: test with intention
Security without complexity. Identity without friction. That’s how Soffid IAM delivers control without compromise.
