Cookie consent(s)
We use cookies on our website to personalize content and ads, to provide social media features and to analyze traffic to our website. Please click "ACCEPT ALL" to enable us to offer you the best possible experience on our website. By doing so, you consent to the processing and sharing of your information with our social media, advertising and analytics partners. You can revoke your consent at any time on the cookie settings page​.
Privacy statement

The differences between ISO 27001 and NEN 7510

Mar 08, 2023 Audit

Increased digitization is increasing the importance of online information security. Meanwhile it’s also vital to keep offline documents secure. Naturally we don’t want confidential information like personal health details to fall into the wrong hands. ISO 27001 and NEN 7510 are familiar standards that set rules and guidelines for handling this information. Although both standards are very similar, they do differ. This blog offers you more information about ISO 27001 and NEN 7510, and how they differ.

ISO 27001

ISO 27001 is the global standard for information security. It provides guidelines and structure for establishing a management system for information security, for both offline and online information. The information management risks are minimized through measures. Examples include passwords for digital files, or keys for cabinets holding physical files. Measures for controlling these risks can be found in ISO 27002, an annex to ISO 27001.

NEN 7510

NEN 7510 is a national standard in the Netherlands, aimed specifically at organizations working with personal health information. That means the standard is intended particularly for healthcare institutions and suppliers to healthcare companies. This includes not just information that an organization stores internally, but also data that healthcare institutions exchange among themselves. One example might be a general practitioner transferring a patient file to a hospital. The NEN 7510 structure is almost identical to that of ISO 27001. The standard comprises two parts. The first covers the guidelines for a good information management system, while the second expands on the first.

The differences

What variances are there between ISO 27001 and NEN 7510? One of the main differences is the scope of the standards. ISO 27001 is an international standard developed by the ISO (International Organization for Standardization). NEN 7510 however is based on ISO 27799 and was developed by NEN (the Royal Netherlands Standardization Institute) and is only effective in the Netherlands. ISO 27001 is also suitable for many different organizational types. NEN 7510 only applies to healthcare institutions and custodians of personal health information. That concentrates its focus on personal health information, while ISO 27001 focuses on all confidential information within the organization. The more in-depth NEN 7510 also contains extra additions, of measures specific to healthcare.

The standard for your organization

Which standard is most suitable for your organization? As a rule of thumb, if you work at a healthcare organization you should opt for NEN 7510. If you’re not working in healthcare but you do work with personal health information, for example, as an IT organization with a healthcare organization as a client? Then you would do well to comply with both ISO 27001 and NEN 7510. To be certified against NEN 7510 as an administrator, you show the way you handle this health data, and what activities, products or services are involved. One way of doing this is by using a processor agreement. You must also indicate what healthcare-specific control measures you take to manage this information securely. If you don’t have healthcare customers but you do manage confidential information? Then ISO 27001 is appropriate. Want to know more about information security at DEKRA? Find out here​.
Show all articles