ISO 27001 is thé worldwide standard for information security, developed by ISO (International Organization for Standardization). An information security management system (ISMS) consists of policies, procedures, guidelines and activities that are managed by an organization to protect its information. An ISMS takes a systematic approach to establishing, implementing, executing, monitoring, assessing, maintaining and improving an organization’s information security to achieve defined objectives. An ISMS is based on a risk assessment of the organization, which is designed to handle risk effectively.
NEN 7510 is a Dutch standard developed by the Dutch Standardization Institute (NEN). Part 1 of NEN 7510 has the same basis as ISO 27001, namely safeguarding the availability, integrity and confidentiality of information by applying a risk management process.
However, Part 2 provides specific guidance for healthcare facilities and other personal health information managers. The controls in part 2 are written to supplement ISO 27001 and are aimed at a specific target group: those responsible for overseeing the information security of health information, healthcare facilities and other personal health information managers.
What are the differences between ISO 27001 and NEN 7510?#
There are many similarities, but also a number of differences between ISO 27001 and NEN 7510, which are briefly explained below.
ISO 27001 is suitable for many different organizations. NEN 7510 focuses specifically on healthcare institutions and managers of personal health information.
ISO 27001 is a globally applied standard developed by ISO. NEN 7510 is a Dutch standard developed by the NEN.
NEN 7510 focuses on personal health information, while ISO 27001 focuses on all valuable information within an organization.
Our colleagues Bart Versluijs and Jade Reilink are happy to explain everything about the differences between ISO 27001 and NEN 7510 and which standard suits your organization best. Make an appointment or contact us on +31 73 220 2030.