The differences between NEN 7510 and ISO 27001

Mar 08, 2023 Audit

The essence of NEN 7510 and ISO 27001 at a glance

Increasing digitization makes online information security ever more important, while offline documents still need to be kept secure as well. Naturally we don’t want confidential information such as personal health details to fall into the wrong hands. NEN 7510 and ISO 27001 are well-known standards that set rules and guidelines for handling this information. Although the two standards are very similar, they do differ. This blog explains what NEN 7510 and ISO 27001 are and how they differ.

What does ISO 27001 entail?

ISO 27001 is the global standard for information security. It provides guidelines and structure for establishing an information security management system that covers both offline and online information. Information security risks are reduced through measures; examples include passwords for digital files, or keys for cabinets holding physical files. Measures for controlling these risks can be found in ISO 27002, an annex to ISO 27001.

What does NEN 7510 entail?

NEN 7510 is a Dutch national standard aimed specifically at organizations that work with personal health information, which means it is intended primarily for healthcare institutions and for suppliers to healthcare companies. It covers not only the information an organization stores internally, but also the data that healthcare institutions exchange with one another, for example a general practitioner transferring a patient file to a hospital. The structure of NEN 7510 is almost identical to that of ISO 27001. The standard comprises two parts: the first covers the guidelines for a good information security management system, while the second expands on the first.

What are the differences between NEN 7510 and ISO 27001?

One of the main differences between NEN 7510 and ISO 27001 is their scope. ISO 27001 is an international standard developed by the ISO (International Organization for Standardization). NEN 7510, by contrast, is based on ISO 27799, was developed by NEN (the Royal Netherlands Standardization Institute) and applies only in the Netherlands. ISO 27001 is also suitable for many different types of organization, whereas NEN 7510 applies only to healthcare institutions and custodians of personal health information. Its focus is therefore on personal health information, while ISO 27001 covers all confidential information within the organization. NEN 7510 also goes deeper, adding measures that are specific to healthcare.

NEN 7510 and ISO 27001 for your organization

Which standard is most suitable for your organization? As a rule of thumb, if you work at a healthcare organization you should opt for NEN 7510. If you do not work in healthcare but do work with personal health information, for example as an IT organization with a healthcare organization as a client, then you would do well to comply with both NEN 7510 and ISO 27001. To be certified against NEN 7510 as an organization that administers health data, you show how you handle this data and which activities, products or services are involved; one way of doing this is through a processor agreement. You must also indicate which healthcare-specific control measures you take to manage this information securely. If you have no healthcare customers but do manage confidential information, then ISO 27001 is the appropriate standard. Want to know more about information security at DEKRA? Find out here.
Where can you find more information about ISO 27001 at DEKRA?

How do you implement a strong information security strategy? An ISO 27001 certification offers you this opportunity. DEKRA is happy to certify you against the international standard ISO/IEC 27001.

Where can you find more information about NEN 7510 at DEKRA?

Dutch law requires healthcare institutions to demonstrably meet the requirements of NEN 7510. This is the Dutch standard for information security in healthcare, based on the international standard ISO/IEC 27001.