Information Security

ISO 27001 vs. NEN 7510: What are the differences?


Both ISO 27001 and NEN 7510 are about information security. Both standards help organizations manage risks and protect data properly. Nevertheless, the two are often confused. At their core they are similar, but NEN 7510 is specifically aimed at the healthcare sector in the Netherlands, whereas ISO 27001 is the international standard applied in all sectors. The difference therefore lies mainly in the scope and the additional requirements.


This article was last updated on 24.03.2026.
Written by Mathijs Oppelaar, Operational Manager & Partner

What is ISO 27001?

ISO 27001 is an international standard for information security. The standard describes how to set up an Information Security Management System (ISMS). This gives you a grip on risks, processes and responsibilities.

 

The ISO 27001 standard consists of requirements for policy, risk management, internal audits, improvement measures and the role of management. The goal is to make information security a structural part of your business operations.

 

An organization that meets all requirements can obtain an ISO certificate. This shows that your information security is demonstrably and continuously in order.

 

What is NEN 7510?

NEN 7510 is the Dutch standard for information security in healthcare. The standard is based on ISO 27001, but includes additional requirements that are specific to the healthcare sector.

 

The reason: healthcare works with patients' sensitive medical data. The protection of this data requires additional safeguards. NEN 7510 therefore describes additional control measures for, among other things, access to patient information, logging and compliance with the GDPR (AVG).

 

Healthcare institutions and their suppliers must be able to demonstrate that they comply with NEN 7510. A NEN 7510 certification shows that the organization handles health information with care.

 

The main differences between ISO 27001 and NEN 7510

Although NEN 7510 builds on ISO 27001, there are a few clear differences:

| Aspect | ISO 27001 | NEN 7510 |
|---|---|---|
| Application | International, applicable in all sectors | Specific to healthcare in the Netherlands |
| Basis | General requirements for information security | Based on ISO 27001 + additional healthcare-specific requirements |
| Target group | All organizations, from SMEs to enterprise | Healthcare institutions and suppliers that work with patient data |
| Risk analysis | Focused on general business risks | Focused on risks around patient safety and medical data |
| Certification | ISO 27001 certificate | NEN 7510 certificate, possibly in combination with ISO 27001 |
| Legislation | Supports, among others, GDPR (AVG), NIS2, BIO | Supports, among others, GDPR (AVG), NIS2 and healthcare-specific legislation (such as Wkkgz) |

How do ISO 27001 and NEN 7510 relate to each other?

ISO 27001 forms the basis. NEN 7510 is, as it were, an extra floor built on top of it.

An organization that has already introduced ISO 27001 often largely meets the requirements of NEN 7510, so you only have to implement the additional healthcare-specific components.

 

Conversely, those who are NEN 7510 certified automatically comply with the most important parts of ISO 27001, which is why both certifications are often carried out together, in one process and with one combined NEN 7510 audit.

 

ISO 27001 and NEN 7510 are about risk management

Both ISO 27001 and NEN 7510 revolve around risk management. A good ISO 27001 risk analysis or NEN 7510 risk analysis forms the core of the management system. ISO 27001 focuses on business risks: how do threats affect the continuity and reliability of your organization? NEN 7510 focuses on patient safety and the confidentiality of medical information. Think of situations where incorrect access to data can have direct consequences for healthcare provision.

 

Which standard applies to you?

  • Do you work in healthcare, or do you process medical data for healthcare institutions? Then NEN 7510 certification is mandatory or highly recommended.
  • Do you work in a different sector, or do you want to demonstrate compliance with customer requirements and legislation? Then ISO 27001 is the right choice.

Some organizations consciously opt for both certificates. This way, you demonstrate that you not only comply with the international standard, but also with the specific Dutch healthcare standard.

 

Practical start with ISO 27001 or NEN 7510

Do you want to know which standard best suits your organization or where you are now? With a short baseline measurement or a consultation, you will gain insight into the steps that are necessary. Whether you choose ISO advice or guidance towards a NEN 7510 certificate, it's always about the same thing: control over information security, risks and trust of customers and partners.

 

Need help with ISO 27001 or NEN 7510?

Not sure yet which standard is relevant to your organization? Schedule a free consultation of 45 minutes. Together, we will look at your situation and provide practical advice on ISO 27001 and NEN 7510 certification.

 

On our News & Insights page, you will also find useful articles about information security, audits and risk management in various sectors.
