Care

Certification from DigiTrust proves that personal data is safe with you.

More than 300 organisations have already gone before you.

Why certify NEN 7510?

What is an NEN 7510 audit and why is it important for your organisation?

Since January 2018, all healthcare providers in the Netherlands must comply with NEN 7510, in accordance with the Electronic Data Processing Healthcare Providers Decree.

This law also states that organisations must comply with NEN 7512 and NEN 7513. After all, electronic data processing must be secure (NEN 7512), but activities must also be carefully logged (NEN 7513).

The law states that healthcare organisations must meet these standards. What it does not say is that the organisations must be certified. However, based on the content of the most recent letters from the Ministry of Health, Welfare and Sport regarding upcoming e-health regulations, it is a matter of time before NEN 7510 certification is made mandatory. Certification is therefore strongly recommended by the Dutch Association of Hospitals (NVZ), with which DigiTrust works.

Already important for IGJ and AP

NEN 7510 certification is already important for all healthcare providers. The Healthcare and Youth Inspectorate (IGJ) assesses healthcare providers on many points, including the NEN 7510. If this is found not to be met, the IGJ immediately issues a deadline for correction and impartial demonstration of compliance with the NEN 7510. Furthermore, IGJ cooperates with the Personal Data Authority (AP). In the unlikely event of a data breach, having NEN 7510 certification is important. After all, as a board, it allows you to demonstrate that you have done everything possible to have and keep information security in order.

To avoid this kind of panicked, last-minute scramble, we see the boards of more and more healthcare providers choosing to start the NEN 7510 certification process themselves.

Would you like to receive the self-assessment form?

With this form, you can easily self-assess your readiness for certification.

Then fill in your details below and you will receive the form directly by e-mail.

Audit

Without an independent audit conducted by a certifying body, it is not possible to obtain certification. It is the way to demonstrate that you have a functioning information security management system.

If you want more certainty about whether your organisation and its information security management system are ready for certification, we can perform a pre-audit. This is also known as a baseline measurement. During this audit, we take a close look at the management system and include various control measures as required. The DigiTrust auditor will deliver a complete audit report. This gives you a good idea of the possible gaps (deviations) that may still exist compared to the standard.

Initial certification

DigiTrust assesses whether the system works and functions according to the requirements. This assessment includes reviewing all operations at your office as well as at the implementation site. The initial certification consists of two parts: the phase 1 audit and the phase 2 audit.

Phase 1

During the phase 1 audit, we take a high-level look at your management system (ISMS) and assess whether you are really ready for the phase 2 audit. Together we also draw up the audit plan for phase 2: who do we need, and when?

Phase 2

During the phase 2 audit, we test the entire management system and take a close look at all control measures. Are these carefully set up in accordance with your own risk analysis? Are the principles relating to Availability, Integrity and Confidentiality of information carefully arranged?

Issue certificate

If the audit concludes positively, you will be 'nominated' for certification. DigiTrust's certification manager normally reviews the file, as a kind of peer review. If everything is in order, your information security management system is certified.

Control 1

During the term of the certificate, which is usually three years, DigiTrust will conduct an annual surveillance audit. During a surveillance audit, we sample the various elements of the standard. In case of a positive assessment, the current certificate will be continued.

Control 2

DigiTrust will visit about three months before the certificate expires for the reassessment. This assessment is of the same scope as the one at step 2 and should ensure that if the result is positive, the certificate is renewed for another three years.

NEN 7510 auditor

DigiTrust's NEN 7510 auditor assesses the entire information security management system and all control measures taken. This demonstrates to the outside world that your organisation meets the strict guidelines and conditions in the field of information security.

During the DigiTrust audit, the context of the healthcare organisation is the guiding factor. After all, a GGD, for example, is different from a hospital or a specialist clinic.

DigiTrust NEN 7510 auditors come from healthcare backgrounds and therefore have a good feel for your organisation. We audit rigorously, but do not saddle you with issues that are not relevant within the context of your organisation.

NEN 7510 audit checklist

Do you want to know whether you are ready for certification, or where you stand with regard to the NEN 7510 requirements? Then download our checklist.

Of course, in addition to this checklist, we can also perform a baseline measurement or pre-audit. During this audit, we take a close look at your information security management system and the 114 control measures from NEN 7510-2.

Do you have questions about an NEN 7510 audit, a pre-audit or training, or do you want to talk about certification options?

Our specialists will be happy to tell you more about it. Call us at 088-224 56 00, email us at sales@digitrust.nl or use our online contact form. We will be happy to visit you for a no-obligation introduction.
