NEN 7510:2017 Checklist
NEN 7510 is the certification for information security in healthcare. Check whether you are ready for certification with the NEN 7510 checklist. To obtain this certification, you must first have an NEN 7510 audit carried out by a Certifying Body, such as DigiTrust. Would you like to schedule your audit at short notice? Then feel free to contact us.
- Your audit can start in as little as one month.
- Personal guidance throughout the certification process.
- Competitive prices.
More than 300 organisations have already gone before you.
"The certificate demonstrates that the information security management system is in place."
Go through the steps with a NEN 7510 checklist
If you want to set up a working management system for information security in healthcare, there is a lot involved. Want to know which steps to take and in what order? Then follow the steps in our NEN 7510 checklist.
Step 1: Understanding the standard
The NEN 7510 standard consists of two parts. Part 1 of the standard is about the management system, while part 2 is about the control measures you can take to mitigate risks and comply with requirements.
A NEN 7510 certification is generally not mandatory, but a healthcare stakeholder may decide to work only with organisations that hold NEN 7510 certification. To obtain certification, a NEN 7510 audit is first required. DigiTrust can help you with this.
Step 2: Define your scope
Determine the scope of your information security management system. For NEN 7510 certification, it is mandatory to have the primary care process in scope.
Step 3: Assessing risks
Once you have a good idea of the scope and the requirements of NEN 7510, it is important to identify the risks within your (healthcare) organisation. A risk assessment takes place, revealing what threats exist and how likely they are to occur, but also what the impact will be on your healthcare organisation if they do occur unexpectedly. Together, this gives you a good picture of the information security / cyber risks.
Step 4: Addressing risks
After assessing the risks, it is important to address them. The risk treatment plan allows you to record the measures and determine what you will do to reduce each risk. You may have already taken several measures, so that the residual risk can be accepted. But you may need to take additional measures on certain risks to arrive at an acceptable residual risk. For each risk, it is important to indicate how 'heavily' the risk weighs and what appropriate measure will be taken for it. Compare all your self-determined measures with the Annex A measures to check that you have not forgotten anything. These measures are further detailed in NEN 7510-2.
Tip: the measures to be taken are mostly preventive, to avoid problems.
Step 5: Statement of Applicability (VVT)
The Statement of Applicability is an important document within NEN 7510. For each section, it helps you argue which parts of Annex A of the standard are or are not applicable within your healthcare organisation.
Note: take steps 1 to 3 first, before getting started with the VVT. This helps take into account the risk-sensitive situations for your organisation and the right scope.
Step 6: Taking stock
After you have drawn up the VVT, it is time to take stock, as you have already taken a large number of steps within the NEN 7510 checklist. The idea is to review the entire process again. Have you overlooked anything? And what do you do if the measures indicated do not have the desired effect and the risks remain? Performing an internal audit in advance will give you a good picture of your information security management system.
Step 7: Creating policies
Finally, you can get to work on information security policies. They should provide direction and support for information security within your healthcare organisation. Based on the policy, you will act in line with the requirements, relevant laws and the regulations from the NEN 7510 standard.
NEN 7510 checklist: getting started
Getting started with the NEN 7510 checklist? It gives a good idea of what is involved in preparing for certification. Find out what you might have to deal with and what you can call on our specialists for. We will be happy to help you implement the standard so that you can use the checklist to prepare for certification.
Questions about the NEN 7510 checklist or curious about certification options? Our specialists will be happy to tell you more. Call us on 088 224 56 00 or email us at info@digitrust.nl. We are happy to visit you for a no-obligation introduction.
Need a NEN 7510 audit performed by DigiTrust?
Would you like to have a NEN 7510 audit carried out? Then contact us without obligation. The number of audit days is calculated based on the context of your organisation and the number of FTEs within it. We are always transparent in the calculation and the quotation drawn up. Have we interpreted everything correctly? Do we understand the context of your organisation correctly? Together, we discuss the calculation, the scope of certification and the trajectory of the upcoming audits and certification. Transparency is the basis for trust.
Our specialists will be happy to tell you more about it. Call us at 088-224 56 00, email us at sales@digitrust.nl or use our online contact form. We will be happy to visit you for a no-obligation introduction.