NEN 7510:2024 differences


NEN 7510:2024 is the updated Dutch standard for information security in the healthcare sector. The standard focuses on protecting medical data and meets the requirements of the GDPR. NEN 7510:2024 is based on ISO 27001:2022, but contains additional requirements that apply specifically to healthcare. Compared to NEN 7510:2017, NEN 7510:2024 differs in its changed structure and in its stronger focus on risk management and continuous improvement. The control measures have also been updated, and the PDCA cycle is more closely aligned with the international ISO standard. Compared to ISO 27001:2022, NEN 7510:2024 differs especially in the areas of healthcare-specific processes and patient safety; these extra measures are necessary because of the special nature of medical data. The NEN 7510:2024 differences ensure that healthcare organizations can respond adequately to new threats and legislation. Healthcare facilities must update their policies and procedures to meet the requirements of the new standard, which in turn ensures the protection of sensitive patient information.

Tip: ask our colleagues at Meta-audit for the QuickStart NEN 7510:2024 manual
Who is NEN 7510 for

The NEN 7510 standard is, as mentioned, intended for healthcare. This covers healthcare organizations, but also other organizations that process personal health information. The latter group includes suppliers that host applications containing personal health information, software suppliers of PHEs (Personal Health Environments), ISPs (Internet Service Providers) with a relationship to healthcare applications, and so on.

ISMS - Information Security Management System

The design of an ISMS for NEN 7510 aims to create a coherent and demonstrable system with which healthcare organizations manage information security in a structured way. The foundation is determining the scope and context, so that it is clear which processes, systems and patient data fall under the ISMS. Risk management is then central: risks to confidentiality, integrity and availability are systematically assessed and treated.

An essential part of this set-up is the use of a control framework, with which the requirements of NEN 7510 are translated into concrete, manageable controls. This framework makes it possible to implement measures uniformly, monitor them and demonstrate them to auditors. This creates not only compliance, but also practical guidance for daily operations.

In addition, the ISMS includes clear policy documentation and procedures, which provide direction to employees and management. Roles and responsibilities are explicitly laid down, so that ownership of information security is guaranteed within the organization. As emphasized in the differences around NEN 7510:2024, there is a stronger emphasis on demonstrability and continuous improvement compared to previous versions.

The Plan-Do-Check-Act cycle is at the heart of the ISMS, allowing organizations to continuously focus on optimization and risk reduction. Monitoring, internal audits and management reviews ensure that the system remains up-to-date and effective. In addition, this structured approach facilitates efficient audit preparation and minimizes surprises during external review.

By combining a robust ISMS with a practical control framework, a scalable and future-proof approach to information security is created. Organizations gain real-time insight into their compliance status and can make adjustments more quickly where necessary. This not only increases the security of patient data, but also strengthens the trust of supply chain partners and regulators. Ultimately, a well-designed ISMS positions an organization as professional, reliable and compliant within the healthcare sector.


ISMS control framework

As an example, an ISMS (Information Security Management System) control framework has been developed, based on ISO 27001 Annex A but extensible to NEN 7510: a set of 95 information security controls, applied where relevant.
The ISMS control framework is part of the management system platform. The results of the periodic effectiveness audits of the relevant control measures are recorded here. A major advantage is that there are direct links with the documented management system and the various quality registrations and KPI measurements.

NEN 7510:2024
Start your free trial now

We don't have 'shiny leaflets'. Get behind the buttons right away and experience the convenience, overview and productivity improvement.
We help you online and share with you the experience and best practices of other users.

Start Now