Difference between ISO 27001 and NEN 7510

Mar 08, 2023 | Audit / Information security management system

The essence of ISO 27001 and NEN 7510 in one overview

Due to increased digitization, online information security is becoming increasingly important. At the same time, it remains important to store offline documents securely. After all, we do not want confidential information, such as personal health information, to fall into the wrong hands. ISO 27001 and NEN 7510 are well-known standards that set rules and guidelines for handling this information. Although both standards are very similar, they do differ from each other. In this blog, you can read more about ISO 27001 and NEN 7510, and how they differ from each other.

What is the difference between ISO 27001 and NEN 7510?

  • Scope of the standards:
    • ISO 27001: International standard developed by ISO (International Organization for Standardization).
    • NEN 7510: Dutch standard based on ISO 27799, developed by NEN (Dutch Standard), only applicable in the Netherlands.
  • Scope of application:
    • ISO 27001: Suitable for many different types of organizations.
    • NEN 7510: Specifically for healthcare institutions and administrators of personal health information.
  • Focus:
    • ISO 27001: Focuses on all confidential information within an organization.
    • NEN 7510: Focuses specifically on personal health information.
  • Additional measures:
    • NEN 7510 contains additional measures specifically aimed at the healthcare sector.

Why choose DEKRA for ISO 27001 and NEN 7510?

Experienced market leader

Our experts have years of experience in the field of information security and management system certification. DEKRA is active in more than 60 countries and our certificates are recognized worldwide.

Accredited for ISO/IEC 27001:2022

On October 25, 2022, a new version of ISO 27001 was released: ISO/IEC 27001:2022. DEKRA has been accredited for this by the Dutch Accreditation Council (RvA). From April 1, 2024, we will only certify against ISO/IEC 27001:2022.

Accredited for NEN 7510

DEKRA has been accredited by the Dutch Accreditation Council (RvA) for NEN 7510-1:2017+A1:2020. The accreditation assessment for the new version, NEN 7510:2024, will be completed shortly. We hope to be able to assist you with this soon.

People-Based Auditing

In our approach, we always pay attention to the human factor. After all, it is people who determine how processes, systems, and working methods are implemented. We call our approach People-Based Auditing.

ISO 27001 and NEN 7510 for your organization

Which standard is most suitable for your organization? As a rule of thumb, if you work for a healthcare institution, you should opt for NEN 7510. If you do not work in healthcare but do work with personal health information, for example as an IT organization with a healthcare institution as a customer, then it is advisable to obtain both ISO 27001 and NEN 7510 certification.

To become certified as an administrator under NEN 7510, you must demonstrate how you come into contact with this health data and which activities, products, or services are involved. You can do this, for example, by means of a processing agreement. You must also indicate which healthcare-specific control measures you take to manage this information securely. If you do not have any customers in the healthcare sector but do manage confidential information, then ISO 27001 is suitable.
ISO 27001 certification
How do you implement a robust information security strategy? ISO 27001 certification offers you this opportunity.
NEN 7510 certification
Dutch law stipulates that healthcare institutions must demonstrably comply with the requirements of NEN 7510. This is the Dutch standard for information security in healthcare, based on ISO 27001.