CYBSER Services

Cybersecurity and certification services

We execute the certification and evaluation routes that matter most for selling in Spain: CICLON for cloud products, LINCE for software and non-cloud products, CPSTIC for public-sector access, EUCC for European scope and pentesting to strengthen the technical security baseline of the product.

Request Initial Assessment View Solutions
Request Initial Assessment
Common objective: access to CPSTIC

Which path does your product need to reach the public sector?

If your goal is inclusion in the CPSTIC Catalogue, the route depends less on the market than on how your product is deployed and what regulatory starting point you already have.

Cloud product

Recommended route: CICLON

If your solution is delivered as SaaS, PaaS or IaaS, CICLON is the natural route to prove cloud security and prepare for CPSTIC.

See CICLON certification →

On-premises software or non-cloud product

Recommended route: LINCE

When the product is customer-installed, deployed on-premises or is not delivered as a cloud service, LINCE is often the right route towards CPSTIC.

See LINCE certification →

Already-certified product

Typical route: Complementary STIC

If you already hold a prior certification and only need to close specific CPSTIC gaps, we can design a complementary STIC scope for that delta.

See CPSTIC inclusion →

Our solutions

We distinguish between the core routes that open market access in Spain and the supporting services that strengthen or expand that strategy.

Primary routes

How market access usually takes shape

These are the paths that usually determine your access to CPSTIC or the certification route that best fits your product, architecture and commercial objective.

Cloud

CICLON Certification

The route for SaaS, PaaS and IaaS products that need cloud certification, technical evaluation and a clear path towards CPSTIC.

  • ST and DAS
  • Technical evaluation
  • Continuous monitoring
View service →
Software / On-prem

LINCE Certification

The certification route for on-premises software, customer-installed applications and non-cloud products targeting the Spanish market.

  • Functional testing
  • Vulnerability analysis
  • Public-sector route
View service →
Public market

CPSTIC Inclusion

We define and execute the right route so certification turns into real access to the CPSTIC Catalogue and public procurement.

  • Access route
  • Inclusion strategy
  • ENS alignment
View service →

Supporting services

Capabilities that reinforce or expand the chosen route

When the priority is stronger technical assurance or recognition beyond the Spanish market, these services work as direct support for the roadmap.

EU

EUCC Consulting

Support for products that need European recognition and a certification path with wider international scope.

  • + Strategic preparation
  • + Documentation
  • + European route
View service →
Technical assessment

Pentesting

Penetration testing adapted to product, service or infrastructure to identify exploitable weaknesses and strengthen the security of your solution.

  • + Web
  • + Cloud
  • + Applications and product
View service →

Why CYBSER

We do more than interpret a methodology. We support the full process, understand how your product is built and adapt the evaluation to the technical, regulatory and commercial reality of each client.

Key differentiator

End-to-end process ownership

We execute the process end to end, from initial analysis and documentation to testing and verification of the corrections before each evaluation is closed.

How we work

Real product understanding

We analyse how your product actually works so the required controls can be adapted to its features and to the reality of the evaluated solution.

How we work

Close and flexible support

We keep direct communication and organise the work around your context, project milestones and realistic business expectations.

How we work

We define the right route for your product and execute each phase with technical judgement, clarity and focus on the outcome.

1

We analyse your product, architecture and commercial objective.

2

We determine whether your product fits LINCE or CICLON, whether a complementary STIC can build on an existing certification, or whether pentesting without catalogue entry is the better route.

3

We prepare the documentation, testing and revalidation needed for the chosen route.

4

We support the process until the technical effort becomes a clear market path.

Tell us which product you want to take to market

We will review whether CICLON, LINCE, CPSTIC, EUCC or pentesting is the best fit.