ISOPlanner™ includes a complete NEN 7510 framework with all requirements from NEN 7510-1 pre-structured and NEN 7510-2 controls mapped. You do not start from a blank document. Requirements are organized and ready to assign to the responsible owners in your organization.


Identify, assess, and document information security risks specific to your healthcare context. Configure risk scoring to reflect the clinical significance of data and system availability, not just generic business impact. The full risk register is maintained in SharePoint with a complete audit trail.
Policies, procedures, and evidence live in SharePoint with version control and access management. Clinical and administrative staff access what they need without leaving Microsoft 365. Document approvals are built into the Business plan and above.


Compliance tasks are assigned and completed through Outlook. Healthcare staff complete monitoring tasks, submit evidence, and confirm control execution without learning a new tool. Schedules align with clinical cycles, not just calendar quarters.
ISOPlanner's automated control monitoring can verify security controls across your Microsoft 365 environment, including multi-factor authentication status and Microsoft Secure Score. These checks run on a schedule and deliver results directly to the relevant controls in your NEN 7510 framework.


Organizations managing both NEN 7510 and ISO 27001 save 30-40% of effort on overlapping controls. ISOPlanner™ maps shared requirements between standards automatically. Organizations adding NEN 7510 to an existing ISO 27001 implementation address only the incremental healthcare-specific requirements.
Organizations with an existing ISO 27001 certification can typically add NEN 7510 in 6-8 weeks. The management system infrastructure is already in place. The incremental work covers healthcare-specific controls, the clinical risk assessment, and the documentation required under Dutch healthcare law.

01.
How does NEN 7510 relate to ISO 27001?
NEN 7510 is based on ISO 27001 and adopts its management system structure, but adds healthcare-specific requirements for protecting patient health information. Where ISO 27001 provides a general information security framework, NEN 7510 applies it to the Dutch healthcare context with additional controls for health data, patient safety, and continuity of care. Organisations certified against NEN 7510 are well-positioned for ISO 27001 certification. ISOPlanner™ supports an integrated approach where both standards share documentation and audit evidence.
02.
Which organisations must comply with NEN 7510?
NEN 7510 compliance is mandatory for healthcare providers in the Netherlands that fall under the Wabvpz, including hospitals, general practitioners, pharmacies, mental health institutions, and home care organisations that process patient health data. Compliance is also required for healthcare IT suppliers and service providers who process health information on behalf of healthcare organisations. ISOPlanner™ helps both providers and their suppliers document and maintain compliance.
03.
What is NEN 7512 and how does it relate to NEN 7510?
NEN 7512 specifies trust requirements for electronic data exchange in healthcare, focusing on authentication and authorisation of parties exchanging patient data. While NEN 7510 provides the overarching information security management framework, NEN 7512 addresses specific requirements for secure data communication between healthcare parties. Both standards are typically implemented together. ISOPlanner™ supports implementation of both within a single management system.
04.
What is NEN 7513 and what does it require?
NEN 7513 specifies requirements for logging access to patient records in healthcare information systems. It defines what must be logged, how long logs must be retained, and how access logs must be made available to patients and supervisory authorities. NEN 7513 directly supports GDPR access rights and is required for systems processing electronic health records in the Netherlands. ISOPlanner™ includes a logging controls template aligned to NEN 7513 requirements.
05.
Can an organisation get NEN 7510 and ISO 27001 certified simultaneously?
Yes. Because NEN 7510 is built on the ISO 27001 management system structure, both certifications can be pursued simultaneously using an integrated management system. A single combined audit can cover both control sets, reducing audit overhead and aligning evidence collection. ISOPlanner™ is designed for this combined certification path, mapping NEN 7510 healthcare-specific controls alongside the ISO 27001 Annex A control set.
06.
How long does NEN 7510 implementation typically take?
For a healthcare organisation already familiar with process documentation, NEN 7510 implementation typically takes four to nine months from gap assessment to certification audit. Organisations with an existing ISO 27001 framework can move significantly faster. Key stages are: gap assessment, risk assessment and treatment plan, control implementation, internal audit, management review, and certification audit. ISOPlanner™ provides a structured implementation roadmap that guides healthcare organisations through each stage.
07.
Which certification bodies accredit NEN 7510 audits in the Netherlands?
NEN 7510 audits are conducted by accredited certification bodies recognised by the Raad voor Accreditatie (RvA). Common bodies include LRQA, Bureau Veritas, DNV, and BSI. The audit follows the same three-year cycle as ISO 27001: Stage 1 documentation review, Stage 2 certification audit, surveillance audits in years 1 and 2, and recertification in year 3. ISOPlanner™ prepares healthcare organisations for the full audit cycle with structured evidence collection and audit-ready documentation.