NEN 7510: transition deadline in sight

Appearance February 20, 2027 every healthcare organization (that processes personal data in a care information system) must comply with this new version. That may seem far away, but in practice, it comes closer than you think. Especially because your next audit is probably already taking place based on the new standard. Delay is therefore not an option. To help you get started, we have developed a NEN 7510:2024 checklist. This allows you to see at a glance where your organization is already on track and where action is still needed to fully comply.

‍

What does the new NEN 7510:2024 mean for your organization?

The core of the standard remains the same: it is still about ensuring information security in healthcare. But there are clear changes that have an impact on how you work with them.
‍

1. More in line with ISO 27001:2022

The new version is more in line with the layout and design of ISO 27001:2022, which has been renewed before and was therefore no longer in line with NEN 7510:2017. This saves duplication of work for organizations that deal with both standards, because the structure and terminology are better aligned.

2. Enhanced for new laws and regulations

The standard has been updated so that it is more in line with current legislation and regulations in healthcare. Think of the Additional Provisions for Processing Personal Data in Healthcare (Wabvpz), the Electronic Data Interchange in Healthcare Act (Wegiz) and the NIS2 Directive which is scheduled to commence in Q2 of 2026. As a result, NEN 7510:2024 is even better in line with the obligations that healthcare institutions already face.

3. More concrete implementation requirements

In the old version, as an organization, you had more freedom in how you implemented measures. The 2024 version sets tighter frameworks for this. Do you still want to do it in a different way? Then you must explicitly substantiate that in your Statement of Applicability (VvT).

4. New and adapted measures

The total number of control measures has decreased because some have been merged or rewritten. But new, care-specific measures have also been added. It is therefore not a 'simplification', but a rearrangement with extra attention to current risks.

Why a checklist helps

The switch to NEN 7510:2024 is not just an administrative update. It requires a critical look at your current processes, measures and documentation.

With our checklist, you can check:

• Where do we already comply?
• Where are the holes?
• What needs to be changed or added?

This way, you can work towards the new standard in a structured way, without feeling stressed just before the audit.

In short:

The transition to NEN 7510:2024 is more than just ticking the box. It's about complying with the latest requirements, legislation and best practices in information security in healthcare.

Start on time, use the checklist, and make sure you're ready for the next audit. Download the free checklist below!

‍

‍