NEN 7510 step-by-step plan - 2024
NEN 7510:2024 is the new version of the standard for information security in healthcare (for healthcare institutions and IT companies that process healthcare data). Annex A, the list of controls, has been completely overhauled, and 19 control measures (11 general and 8 care-specific) are entirely new. To remain certified, or to obtain certification for the first time, this new standard version NEN 7510:2024 must be met. This calls for a NEN 7510 step-by-step plan (also for the upgrade audit).
Thanks to our colleagues at Meta-audit.nl, a NEN 7510 step-by-step plan has been developed that provides a control framework for all NEN 7510:2024 control measures. In a hurry? Request Meta-audit's NEN 7510 step-by-step plan - 7510:2024 QuickStart (including an explanation of the 19 new measures and conversion tables).
NEN 7510 step-by-step plan - ISMS
Certified companies already have an ISMS - Information Security Management System. This ISMS will have to be adapted to the new standard requirements, especially Annex A, because that is where the big change lies.
A new version of the standard is also a good moment to take a closer look at the design of your own management system, in this case the ISMS. How mature is your own management system - ISMS?
Take a look at an example of an ISMS platform.

NEN 7510:2024 focus areas
In order to comply with the management system standard NEN 7510, an organization must have a complete management system (ISMS - Information Security Management System) with all control measures implemented. The control measures in the new NEN 7510:2024 have been regrouped (just like in ISO 27001:2022) into 4 groups. In addition, 19 new control measures have been added (11 general and 8 care-specific).
The 19 new control measures, divided over the 4 focus areas, are:
- Organizational measures
  - Threat intelligence and analysis
  - Information security when using cloud services
  - ICT readiness for business continuity
  - HLT Analysis and specification of information security requirements
  - HLT Uniquely identifying care recipients
  - HLT Validation of displayed/printed data
  - HLT Publicly available health information
  - HLT Communication in emergency situations
  - HLT Reporting incidents externally
- Measures with regard to people
- Physical measures
  - Monitoring physical security
- Technical measures
  - Configuration management
  - Deletion of information
  - Data masking
  - Data breach prevention
  - Monitoring of activities
  - Applying web filters
  - Secure encryption
  - HLT Zero Trust principles
If you want to know more, you can contact our colleagues at Meta-audit.nl.
NEN 7510 step-by-step plan - 2024 - implementation
A clear and structured step-by-step plan is essential for an efficient and successful upgrade audit to NEN 7510:2024, because it gives organizations direction and overview in a complex framework of standards. By working in clear phases – from gap analysis to implementation and review – the risk of gaps in information security is significantly reduced. Moreover, a structured approach ensures that all relevant stakeholders are involved in a timely manner and that responsibilities are clearly allocated. A control framework plays a crucial role here, because it helps to systematically link measures to standard requirements and make them demonstrable. This creates not only compliance, but also a sustainable and manageable level of security within the organization. As emphasized in this step-by-step plan, this methodical approach contributes to efficient audit preparation and a higher chance of a positive audit result. Ultimately, a well-designed step-by-step plan translates into time savings, cost control and strengthened trust among both auditors and chain partners.
The step-by-step plan can be divided into the following steps:
- Preparation - what is in place and what is not - FitGap analysis (an example is available via Meta-audit.nl)
- Improving 'Gaps' and implementing new measures
- Internal audit, in particular with regard to the new control measures
- Management review, with conclusions about the upgrade
- Let the external auditor come...
NEN 7510:2024, FitGap analysis - the practical approach
A practical way to perform a FitGap analysis is to set up the control measures as a control framework. For each control measure, or group of control measures, you determine whether it has been implemented and whether it is effective. A practical tool helps here, for example a workflow-driven one. After all, you usually work together with several people, and a shared overview with individual workflow actions is then useful. It tracks progress and makes it demonstrable that the transition to the new standard version has been handled properly.
A demo is available of a workflow-driven control framework for NEN 7510:2024/ISO 27001:2022, or of a Declaration of Applicability (VvT) with points of attention per standard item.
