Case EerstelijnsZorg Zoetermeer

How EerstelijnsZorg Zoetermeer smoothly recertified for NEN 7510 with ISOPlanner

Since 2021, Stichting Factoring Huisartsenzorg en overige Eerstelijnszorg (SFHE), part of EerstelijnsZorg Zoetermeer (EZZ), had already been NEN 7510 certified. They already had a working information security management system (ISMS) built up from separate files they used for their initial certification. Yet the need for support of this ISMS grew. By cooperating with ISOPlanner, their overview increased, the connection between risks, policies and measures became clear and they could manage their risk analyses and ISMS independently of their supplier.

EZZ is the organization that supports general practitioners, pharmacists and other primary care providers. For example, in the area of mutual cooperation or in cooperation with other parties such as the hospital or the municipality. EZZ also provides facility support, including automation, accommodation and invoice support (factoring) for general practices.

ezz case isoplanner

Flexible support of ISMS

As an external security consultant, Alex Beckers is responsible for the NEN 7510 recertification at the SFHE. He explains how the cooperation with ISOPlanner came about: “I was looking for suitable software to support our ISMS. The funny thing was that I was never an advocate of using software to support your management system. I always thought that was a bit excessive and that I would have to make adjust to a whole new system. And that managing the new system would cost me a lot more time compared to my system with the separate files.

So I was fairly skeptical because sometimes these heavy systems want to force their way or process. I wanted tooling that was flexible enough but still could provide the right support. Because I had found that securing the coherence between all the separate files and components was difficult and I missed the overview. Software could provide added value there.”

No more dependence on supplier

The second reason Alex Beckers started looking for ISMS software was because he had previously worked with an external party for risk analysis. This party used a very comprehensive and complicated method that he could not manage himself.

Beckers continues: “I had no way to make new risk analyses or adjust policies. I always needed them for that. I found that dependence increasingly disturbing; I wanted to have more control.

I didn’t have a very extensive set of requirements because I didn’t really know what features and functionalities were available in ISMS solutions. So I started looking at what was available. I soon found out that there is a large market of providers of different solutions, including solution in European countries and even in the United States. However, my focus was on Dutch software providers who could clearly support NEN 7510, important for healthcare institutions.

In the end, I narrowed my list of ten providers down to three, including ISOPlanner. After the initial contact, I got a demonstration and dove into the demo environment to further explore the possibilities. That demo helped a lot to get a better idea of the possibilities.”

The 3 advantages of ISOPlanner according to EEZ

1. Unique integration with Sharepoint

The integration with Sharepoint was a major plus. It made sure they could easily integrate existing documents without starting all over again. So EEZ deliberately chose an empty software environment.

It took some time to insert the existing risk analysis, policy documents and measures in ISOPlanner. But because of the structure of ISOPlanner, this was accomplished in a reasonably compact period of about two months.

2. Accessibility and clarity

The accessibility and clarity without forcing a certain method upon users, was also an important feature. Alex Beckers explains, “That’s where ISOPlanner really excelled. I’ve been in ICT services for quite a few years, so I can master a system fairly quickly.

But ISOPlanner I understood immediately, the navigation was very logical. That’s why I quickly got an idea of how to insert our documents into the ISMS. That was less so with the other systems, I had to think much harder about the structure and inter relationships.”

I am very happy that we are now using this system. In retrospect, I should have done it earlier with the knowledge I now have about the added value of the system. So I’m very happy with it.
Alex Beckers

Security Consultant at EZZ

3. Overview of tasks

A third important advantage is that ISOPlanner gives an overview of open and periodic tasks at once. Beckers continues: “It is very inviting to control tasks in ISOPlanner and also keep track of them through the link with Outlook. Because of the overview, I expect it will eventually take me less time to maintain the standard.”

Ease and overview during recertification audit

A few weeks ago, after the first three years, the recertification audit took place. Alex Beckers says enthusiastically, “The ease with which I was able to demonstrate the connection between risks, measures and their follow-up during the audit was great. My old way was a lot more complicated. Now it was a matter of two clicks and I could immediately answer questions.

It was also amazing, because when the auditor asked a question about a particular measure, for example 8.2.6, I would click on 8.2.6. And I saw exactly what risk that measure stemmed from, how we implemented it and what additional documentation we had. And how we continue to measure and monitor it. It was ideal to go through the audit that way.

The auditor himself was also very impressed with our ISMS and with the accessibility and overview that ISOPlanner provided. When I told him that before we only had seperate documents and had inserted them in the system, he also concluded that this was a good choice.”

Great support and in-depth training

Alex Beckers concludes with a statement about the pleasant cooperation: “In early January I took part in the in-depth user training, despite the fact that I was already fairly familiar with the system at that time. Still, that in-depth training was worthwhile, pointing me to useful tips and additional functionalities. And the times I had a question, I submitted it via email or in the online ticket system. I received quick and neat answers to those.

In short, I am very happy that we are now using this system. In retrospect, I should have done it earlier with the knowledge I now have about the added value. So I’m very happy with it.”

See ISOPlanner in action

Book a live demo or start your free trial.