NEN 7510 audit

Information security is important, especially in the healthcare industry where medical and patient data is managed and exchanged. You can provide care with confidence if your information is properly secured and this security is guaranteed. After all, your clients expect you to treat their privacy-sensitive information with the utmost care.

NEN 7510 'Medical Informatics - Information Security in Healthcare' is a Dutch standard (derived from ISO 27001) that describes measures that healthcare institutions, as well as other managers of personal health information, must take to adequately handle patient data. The measures ensure that information security becomes a controlled process. The security requirements apply to the information within the healthcare organization, as well as to the information that organizations exchange among themselves. All healthcare institutions, regardless of size or nature of business processes, must meet the requirements from the NEN 7510.

Our NEN 7510 audit support

2-Control consists of an enthusiastic team of registered IT auditors (RE) who can assess your compliance with NEN 7510 at short notice through an IT audit. An IT audit is a way to demonstrate, through the measures you have in place, that you handle information securely.

We specialize in assessing risks and selecting appropriate security measures and then demonstrating the operation of these measures. Our IT auditors have extensive experience and expertise with healthcare institutions.

Benefits of NEN 7510 for your organization

  • You get to know your security risks, so that you can respond to them.
  • You get a practical framework for setting up your information security in line with the legal requirements around the Electronic Patient File (EPD).
  • You will show health insurers and patients that patient data is in good hands with you.
  • The NEN 7510 helps you reduce the number of security incidents.

2-Control's NEN 7510 approach

2-Control's IT auditors can perform an IT audit against the NEN 7510. We go through the following phases with you:

  1. Pre-audit
    By first checking the extent to which your systems comply, you will gain insight into the measures that you must take in any case. We can perform this pre-audit for you. Our IT auditors map out the extent to which your organization meets certain standards. The outcome of the pre-audit gives a clear picture of the measures you need to take to comply with the NEN 7510 standards.

  2. Taking measures
    Following our pre-audit, you implement the necessary measures to better protect your systems against external misuse.

  3. Final audit
    Once the previous stages have been completed, the final audit will be conducted.

  4. Report
    We provide a clear and concise assurance report with our findings and recommendations. The report is a prescribed standardized report. This format has been developed in consultation with the professional group of auditors (NOREA).

Differences between NEN 7510 and ISO 27001

  • NEN 7510 and ISO 27001 are both information security standards. However, NEN 7510 is specifically intended for healthcare institutions and other managers of personal health information, while ISO 27001 is the general, internationally applicable standard for information security, regardless of the industry in which one operates.
  • NEN 7510 is based on this international standard and the two are very similar in content. The NEN 7510 standard is in fact an extension of the requirements from the ISO 27001 standard: it can be seen as a set of additional requirements that organizations working in the healthcare sector must meet.
  • Within both the NEN 7510 and ISO 27001 standards, organizations have a lot of room to decide for themselves how they meet the requirements of the standard.

NEN 7510 and IT service organizations

If you are a supplier of IT services to healthcare organizations, you may also have access to privacy-sensitive patient information. Your customers, the healthcare organizations, will therefore demand that you also comply with the NEN 7510 standards. After all, in the "chain," the healthcare organizations also depend on your people, resources and processes. Together with your assurance statement, the healthcare institution can demonstrate that it complies with NEN 7510.

For IT service organizations, we also issue an assurance statement, but we use NOREA's guidance on Service Organization Control (SOC2) reports. The SOC2 standard is a form of assurance specifically aimed at IT service organizations and provides guidelines and principles for determining, implementing and enforcing the measures they should take to secure their information provision. To align with the NEN 7510, a mapping to the NEN 7510/ISO 27001 standards is used.


+31 (0) 76-5019470

Please contact us

Do you have any questions or comments about our IT audit services? We are happy to hear from you. Please enter your details in the form below and we will get back to you as soon as possible. You can also contact us directly at the phone number on the left.

Our dedicated team is ready to assist you with any questions or concerns. We strive to provide you with the best service possible.

Fill in our contact form