On 25 June, 2025, Brand Compliance obtained accreditation from the Dutch Accreditation Council for NCS 7510:2025, which was published on 20 February 2025.
The assigned accreditation allows us to issue certificates for NEN 7510-1:2024 under accreditation.
Your certification for NEN 7510-1:2024 under accreditation
NEN 7510 is the Dutch certification for information security at healthcare institutions and administrators of personal health information, other than healthcare institutions. The last group consists of organizations that act as administrators regarding personal health information, for example healthcare service providers, municipalities and suppliers of healthcare institutions, such as hosting providers.
Do you already have a NEN 7510 certification? Then you must undergo a transition audit for the transition to NEN 7510-1:2024. We can perform this transition audit for you. The transition audit may be performed remotely if the objectives of the transition audit can be met.
If you are NEN 7510 certified by Brand Compliance, you will receive written information about the plan of action for transition to the new standard.
Validity of your NEN 7510 certificate
Was your certificate issued after February 20, 2025? Then your certificate is already valid until February 20, 2027.
Was your certificate issued before February 20, 2025? Then your certificate will have a validity date after February 20, 2027. If you are certified by Brand Compliance, we will inform you within a few months about what this means for you. You do not need to take any action.
Clarification of rules for cluster B organizations
The NCS 7510:2025 includes a procedure that comes into effect when it appears that an organization is no longer eligible for a NEN 7510 certificate. This procedure is as follows:
- If in the case of a 1st surveillance audit, it is determined that the organization has not had legality for processing personal health information in the period of 6 months prior to the ‘effective date of the current certification cycle +12 months’, the certificate of this organization will be revoked from that date.
- If in the case of a 2nd surveillance audit, it is determined that the organization has not had legality for processing personal health information in the period of 6 months prior to the ‘effective date of the current certification cycle + 24 months’, the certificate of this organization will be revoked from that date.
- If in the case of a recertification audit, it is determined that the organization has not had legality for processing personal health information in the period of 6 months prior to the ‘expiry date of the current certification cycle’, the certificate of this organization will be revoked from the expiry date.
Questions?
If you have any additional questions, feel free to contact us.
Veelgestelde vragen over NEN 7510-1:2024
NEN 7510-1:2024 is de nieuwste versie van de Nederlandse norm voor informatiebeveiliging in de zorg. De norm beschrijft hoe zorginstellingen en organisaties die persoonlijke gezondheidsinformatie beheren een managementsysteem voor informatiebeveiliging moeten inrichten en onderhouden.
Organisaties die al NEN 7510-gecertificeerd zijn moeten een transitieaudit uitvoeren om over te stappen naar NEN 7510-1:2024. Volgens de overgangsregeling moeten bestaande certificaten uiterlijk vóór 20 februari 2027 zijn overgezet naar de nieuwe versie van de norm.