Cookie consent(s)
We use cookies on our website to personalize content and ads, to provide social media features and to analyze traffic to our website. Please click "ACCEPT ALL" to enable us to offer you the best possible experience on our website. By doing so, you consent to the processing and sharing of your information with our social media, advertising and analytics partners. You can revoke your consent at any time on the cookie settings page​.
Privacy statement

Difference between ISO 27001 and NEN 7510

Mar 08, 2023 Audit

The essence of ISO 27001 and NEN 7510 in one overview

Due to increased digitization, online information security is becoming increasingly important. At the same time, it remains important to store offline documents securely. After all, we do not want confidential information, such as personal health information, to fall into the wrong hands. ISO 27001 and NEN 7510 are well-known standards that set rules and guidelines for handling this information. Although both standards are very similar, they do differ from each other. In this blog, you can read more about ISO 27001 and NEN 7510, and how they differ from each other.

What is the difference between ISO 27001 and NEN 7510?

  • Scope of the standards:
    • ISO 27001: International standard developed by ISO (International Organization for Standardization).
    • NEN 7510: Dutch standard based on ISO 27799, developed by NEN (Dutch Standard), only applicable in the Netherlands.
  • Scope of application:
    • ISO 27001: Suitable for many different types of organizations.
    • NEN 7510: Specifically for healthcare institutions and administrators of personal health information.
  • Focus:
    • ISO 27001: Focuses on all confidential information within an organization.
    • NEN 7510: Focuses specifically on personal health information.
  • Additional measures:
    • NEN 7510 contains additional measures specifically aimed at the healthcare sector.

The standards in brief

    What is ISO 27001?

    ISO 27001 is the global standard for information security. The standard provides guidelines and structure for establishing a management system for information security, both offline and online information.
    Measures
    Various measures are taken to minimize the risks associated with information management. These include:
    • Establishing a clear information security policy and associated procedures.
    • Conducting a risk analysis to identify vulnerabilities and threats and address them effectively.
    • Regularly training employees to raise their awareness of information security and their role in it.
    • Using strong passwords, two-factor authentication (2FA), and role-based access rights to prevent unauthorized access.
    • Encrypting sensitive data using encryption, both during storage and transfer.
    • Securing physical spaces, for example with a code lock or camera surveillance, to restrict unwanted access.
    Measures to control these risks are set out in ISO 27002, an annex to ISO 27001.
    Why choose DEKRA for ISO 27001 and NEN 7510?

    ISO 27001 and NEN 7510 for your organization

    Which standard is most suitable for your organization? As a rule of thumb, if you work for a healthcare institution, you should opt for NEN 7510. If you do not work in healthcare but do work with personal health information, for example as an IT organization with a healthcare institution as a customer, then it is advisable to obtain both ISO 27001 and NEN 7510 certification.
    To become certified as an administrator under NEN 7510, you must demonstrate how you come into contact with this health data and which activities, products, or services are involved. You can do this, for example, by means of a processing agreement. You must also indicate which healthcare-specific control measures you take to manage this information securely. If you do not have any customers in the healthcare sector but do manage confidential information, then ISO 27001 is suitable. Would you like to know more about information security at DEKRA? Find out here​.
    ISO 27001 certification
    How do you implement a robust information security strategy? ISO 27001 certification offers you this opportunity.
    Read more
    NEN 7510 certification
    Dutch law stipulates that healthcare institutions must demonstrably comply with the requirements of NEN 7510. This is the Dutch standard for information security in healthcare, based on ISO 27001.
    Read more
    Show all articles