On November 3, 2008, the Spanish Data Protection Agency (AEPD) issued a guide on security measures required by Spanish data protection law, along with implementation strategies. The guide contains: (1) an explanation of the different security levels and their corresponding security measures; (2) a template for the drafting of compulsory internal security documents; and (3) a questionnaire to automatically evaluate applicable security levels and their level of compliance. The guide is available (in Spanish) here.