NEN 7510 step-by-step plan

NEN 7510:2024 is the new version of the Dutch standard for information security in healthcare, which applies to healthcare institutions and to IT companies that process healthcare data. Annex A, the list of controls, has been completely restructured, and 19 controls (11 general and 8 care-specific) are entirely new. Organizations that want to keep their certificate, or that are starting a certification process, must meet this new version. A structured NEN 7510 step-by-step plan helps with that transition.

Together with our colleagues at Meta-audit.nl, a NEN 7510 step-by-step plan has been developed that provides a control framework covering all NEN 7510:2024 controls. In a hurry? Request Meta-audit's NEN 7510 step-by-step plan, the 7510:2024 QuickStart, which includes an explanation of the 19 new controls and conversion tables from the previous version.

NEN 7510 step-by-step plan - ISMS

Certified organizations already have an ISMS (Information Security Management System). This ISMS has to be adapted to the new requirements, and in particular to the new Annex A, because that is where the big change is.

A new version of the standard is also a good moment to take a critical look at the design of your own management system. How mature is your ISMS, and does it still fit the organization?


NEN 7510:2024 focus areas

To comply with the management system standard NEN 7510, an organization must operate a complete ISMS (Information Security Management System) with all applicable controls implemented. As in ISO/IEC 27001:2022, the controls in NEN 7510:2024 have been regrouped into four themes: organizational, people, physical and technological. In addition, 19 new controls have been added (11 general and 8 care-specific).

The 19 new controls, grouped by theme (HLT marks the care-specific controls; the numbers in parentheses are the corresponding ISO/IEC 27001:2022 Annex A controls, on which the 11 general ones are based):

  • Organizational controls
    • Threat intelligence (5.7)
    • Information security for use of cloud services (5.23)
    • ICT readiness for business continuity (5.30)
    • HLT Analysis and specification of information security requirements
    • HLT Uniquely identifying care recipients
    • HLT Validation of displayed and printed data
    • HLT Publicly available health information
    • HLT Communication in emergency situations
    • HLT External reporting of incidents
  • People controls
    • HLT Management training
  • Physical controls
    • Physical security monitoring (7.4)
  • Technological controls
    • Configuration management (8.9)
    • Information deletion (8.10)
    • Data masking (8.11)
    • Data leakage prevention (8.12)
    • Monitoring activities (8.16)
    • Web filtering (8.23)
    • Secure coding (8.28)
    • HLT Zero Trust principles

For more information, contact our colleagues at Meta-audit.nl.


NEN 7510 step-by-step plan - 2024 - implementation

Updating an ISMS to a new standard version is a substantial job, which is why a clear step-by-step plan and good tooling are needed.

The step-by-step plan consists of the following steps:

  1. Preparation: scope the transition, assign owners and plan the timeline
  2. What is there and what is not: a FitGap analysis of the current ISMS against NEN 7510:2024
  3. Closing the gaps and implementing the new controls
  4. Internal audit, with particular attention to the new controls
  5. External audit by the certification body

NEN 7510:2024, FitGap analysis - the practical approach

A practical way to perform a FitGap analysis is to set up the controls as a control framework. For each control, or group of controls, you record whether it has been implemented and whether it is effective; the controls that fail either test are the gaps. A workflow-driven tool is useful here, because several people usually work on the analysis at the same time and a shared overview with individual workflow actions keeps the work coordinated. It tracks progress and provides evidence that the transition to the new standard version has been handled properly, which is what the auditor will want to see.

A demo is available of a workflow-driven control framework for NEN 7510:2024/ISO 27001:2022 and of a Statement of Applicability (SoA; in Dutch: Verklaring van Toepasselijkheid, VvT) with points of attention per control.