At Soffid, we take another step forward in our commitment to cybersecurity by obtaining both ENS-ALTO and Common Criteria certifications for our IAM and PAM solutions. These achievements reinforce our technical and strategic vision, and strengthen the trust placed in our platform by organisations that manage critical infrastructures.

Soffid is now the only European company to simultaneously hold the ENS High-Level (ENS-ALTO) certification and the internationally recognised Common Criteria (ISO/IEC 15408) standard—two of the most rigorous frameworks in the field of information security.

Dual validation with real-world impact

The ENS-ALTO certification, granted by Spain’s National Cryptologic Centre (CCN), confirms that our solutions comply with the highest standards of the National Security Framework (ENS), which is mandatory for public sector systems handling sensitive or classified information.

Meanwhile, Common Criteria is a global benchmark for IT product security, recognised by over 30 countries through the Common Criteria Recognition Arrangement (CCRA). Earning this certification means successfully passing a demanding, independent evaluation process—something that only a small number of vendors achieve.

Together, these certifications validate our ability to secure highly regulated environments across both the public and private sectors, including government agencies, healthcare institutions, financial services, energy providers, and telecommunications firms.

Security that goes beyond compliance

Rather than a final destination, these certifications are a natural outcome of our long-term technical strategy. As our CTO, Gabriel Buades, puts it:
“These certifications are the result of a long-term technological strategy—not a race to tick boxes.”

Since day one, we’ve embraced a clear vision based on three key principles:

• High-level security

• Operational simplicity

• Efficiency in identity lifecycle management

This approach allows us to deliver a robust, flexible platform that integrates seamlessly into complex architectures and facilitates regulatory compliance without adding unnecessary friction to our clients’ processes.

European technology for a global landscape

As Europe strengthens its focus on technological sovereignty, having a solution like Soffid—designed and developed entirely in Europe—is more important than ever. It’s not only about meeting today’s requirements but about building a future-ready identity governance model.

We’re proud to support organisations on that path with a solution that brings together innovation, trust, and strategic vision.