• Jun 16, 2026
  • --

Magnolia DXP achieves ENS Alta certification for the Spanish market

Experience Magnolia in action

Experience Magnolia's key features firsthand in an interactive product tour.

Take a tour now

Magnolia DXP achieves ENS Alta certification — our commitment to the Spanish market

Key insights

  • Magnolia DXP has achieved ENS (Esquema Nacional de Seguridad) certification at the Alta (High) level — the most rigorous tier of Spain's National Security Framework.

  • ENS Alta is the de facto security standard for supplying technology services to the Spanish public administration and highly regulated organizations.

  • This certification independently verifies that Magnolia DXP's security controls meet the strictest requirements outlined in Royal Decree 311/2022.

At Magnolia DXP, security is not a feature — it is a foundation. That is why we are proud to announce that Magnolia DXP has achieved ENS (Esquema Nacional de Seguridad) certification at the Alta (High) level, Spain's National Security Framework.

This milestone means that Spanish public sector organizations, financial institutions, healthcare providers, and any enterprise operating under Spanish regulatory requirements can now deploy Magnolia DXP with full confidence in its independently verified security posture. For our customers in Spain and across the broader Spanish-speaking market, this is more than a badge — it is proof that the controls protecting your data and digital experiences meet the highest standard the Spanish government demands.

What is the Esquema Nacional de Seguridad (ENS)?

The Esquema Nacional de Seguridad, or National Security Framework, is the mandatory information security standard for Spain's public sector and all private organizations that provide technology services to the public sector. Currently governed by Royal Decree 311/2022, the ENS establishes the security principles, organizational requirements, and technical controls necessary to protect information processed within or on behalf of the Spanish public administration.

ENS is not a voluntary best-practice framework. For any vendor providing cloud services, software platforms, or managed IT services to Spanish public entities, compliance is a legal requirement. The CCN (Centro Criptológico Nacional), which operates under Spain's National Intelligence Center, oversees the standard and maintains a public registry of certified entities.

The ENS evaluates security across five dimensions: confidentiality, integrity, availability, authenticity, and traceability. These dimensions map directly to the kinds of guarantees that modern enterprises and governments demand from their digital infrastructure providers.

Understanding the ENS levels

The ENS defines three certification levels based on the potential impact of a security incident on an organization's operations and the data it handles:

  • Básico (Basic): Designed for systems handling low-sensitivity information where a security incident would have a limited organizational impact. Foundational controls such as access management, backup procedures, and documented security policies are required.

  • Medio (Medium): Applies to systems where a security incident could cause serious harm to the organization's services, to individuals whose data is processed, or to the integrity of significant information assets. This level demands periodic audits, encrypted communications, role-based access controls, and continuous security monitoring.

  • Alta (High): Reserved for systems where a breach would have catastrophic consequences — disruption of essential services, serious harm to individuals, compromise of sensitive national or institutional information. Requirements at this level are exhaustive: security operations centers, penetration testing, full redundancy, advanced identity management, end-to-end encryption, and annual independent audits conducted by ENAC-accredited certification bodies.

Magnolia DXP has achieved certification at the Alta level — the highest tier of the framework.

Why Alta? Because your data deserves the highest standard

Achieving the Alta level is a significant undertaking. It requires not just the design of appropriate security controls, but proof — through independent audit — that those controls operate effectively under real-world conditions.

The organizations that most commonly require Alta-level certification are exactly the kinds of organizations that can highly benefit from Magnolia DXP: central government bodies, autonomous community administrations, local authorities, financial services firms, healthcare systems, and large enterprises operating under strict regulatory scrutiny. For these organizations, selecting a DXP vendor without ENS Alta certification would introduce direct compliance risk. With Magnolia DXP, that risk is eliminated.

Choosing an enterprise CMS

Get the guide to find the best CMS for your needs

Download here

ENS as part of our continuous security posture

Achieving ENS Alta certification does not exist in isolation. It is part of Magnolia DXP's broader commitment to what the industry now calls continuous compliance — a security model built on ongoing verification rather than point-in-time snapshots.

Magnolia DXP holds certifications across three major frameworks simultaneously:

  • ISO 27001:2022 — the international standard for Information Security Management Systems, renewed annually.

  • SOC 2 Type 2 — independent verification, conducted by A-LIGN, that our security, availability, and data protection controls operate effectively over an extended review period.

  • ENS Alta — Spain's highest-tier national security certification, demonstrating compliance with the strictest requirements of Royal Decree 311/2022.

Together, these certifications cover the full spectrum of what global enterprises, regulated industries, and government bodies need from a DXP provider. They are not achieved once and forgotten — each requires continuous investment in controls and monitoring, and an annual independent reassessment.

Our approach to continuous security includes:

  • 24/7 continuous monitoring of security controls, ensuring they remain active and effective under real-world operating conditions — not just on audit day.

  • Rigorous vendor risk management, because supply-chain integrity is as important as our own internal controls. Every third-party dependency is evaluated and monitored.

  • Annual re-certification for ISO 27001, SOC 2 Type 2, and ENS, ensuring our defenses evolve alongside the threat landscape.

  • Change management controls that protect data integrity during new feature deployments or infrastructure updates.

ENS and ISO 27001: A natural pairing

One of the reasons Magnolia DXP was well-positioned to achieve ENS Alta certification is that we already hold ISO 27001:2022 certification. The two frameworks are complementary by design: Royal Decree 311/2022 includes an explicit control mapping to ISO 27001, and many of the governance, risk, and operational requirements overlap significantly.

This synergy is not a shortcut — it is a reflection of genuine organizational maturity. When a company can demonstrate compliance with both ENS and ISO 27001 simultaneously, it signals that security is embedded in how the business operates, not bolted on to satisfy an audit requirement.

What this means for your organization

If your organization operates in Spain — or works with Spanish public administration, Spanish-regulated financial services, healthcare systems, or any entity subject to ENS requirements — Magnolia DXP is now a fully validated option.

  • For public sector procurement: ENS Alta certification satisfies the technical solvency requirements increasingly demanded in public tender specifications. Choosing Magnolia DXP means you are selecting a certified provider that simplifies your compliance documentation.

  • For private sector enterprises: Organizations in banking, insurance, pharmaceuticals, and critical infrastructure in Spain operate under regulatory environments that mirror the ENS requirements. Our certification signals that the same standard of control that protects public sector systems protects yours.

  • For your own compliance reporting: Our certification reduces the vendor risk assessment burden for your internal security and compliance teams. Instead of conducting extensive due diligence, your teams can rely on the independently verified assurance provided by our ENS Alta certificate, available via our Trust Center.

Security should never be a barrier to building great digital experiences. With Magnolia DXP, it is not.

Explore our complete security approach

Magnolia DXP offers a comprehensive suite of security features designed to support enterprise-grade compliance, including for organizations subject to ENS, ISO 27001, SOC 2, and GDPR requirements.

Learn more about our security posture

View our ENS certificate and all current compliance documentation at our Trust Center.

FAQs

About the author

Talal Waseem

Information Security Officer, Magnolia

Talal Waseem is the Information Security Officer at Magnolia, actively engaged in enhancing the organization's security posture and compliance. Talal holds a Master's degree in Information Security from Tampere University and a Bachelor of Science in Computer Science from COMSATS Institute of Information and Technology. He also holds industry certifications, including Ethical Hacking Essentials and Introduction to the Threat Landscape 1.0.

Related articles

0/0

How DORA affects your digital experience platform

  • 31 March, 2026
  • Talal Waseem

Content, commerce, and single-page apps

  • 27 March, 2026
  • Bartosz Staryga

Navigating the China firewall

  • 10 March, 2026
  • Sebastian Klingberg, Nora Nowack

Magnolia’s security is officially SOC 2 Type 2 compliant

  • 4 March, 2026
  • Jan Haderka, Talal Waseem

Streamlining the developer experience with the new Magnolia CLI version 5

  • 9 January, 2026
  • Martina Michlova