On 25 June, 2025, Brand Compliance obtained accreditation from the Dutch Accreditation Council for NCS 7510:2025, which was published on 20 February 2025.
The assigned accreditation allows us to issue certificates for NEN 7510-1:2024 under accreditation.
Your certification for NEN 7510-1:2024 under accreditation
NEN 7510 is the Dutch certification for information security at healthcare institutions and administrators of personal health information, other than healthcare institutions. The last group consists of organizations that act as administrators regarding personal health information, for example healthcare service providers, municipalities and suppliers of healthcare institutions, such as hosting providers.
Do you already have a NEN 7510 certification? Then you must undergo a transition audit for the transition to NEN 7510-1:2024. We can perform this transition audit for you. The transition audit may be performed remotely if the objectives of the transition audit can be met.
If you are NEN 7510 certified by Brand Compliance, you will receive written information about the plan of action for transition to the new standard.
Validity of your NEN 7510 certificate
Was your certificate issued after February 20, 2025? Then your certificate is already valid until February 20, 2027.
Was your certificate issued before February 20, 2025? Then your certificate will have a validity date after February 20, 2027. If you are certified by Brand Compliance, we will inform you within a few months about what this means for you. You do not need to take any action.
Clarification of rules for cluster B organizations
The NCS 7510:2025 includes a procedure that comes into effect when it appears that an organization is no longer eligible for a NEN 7510 certificate. This procedure is as follows:
- If in the case of a 1st surveillance audit, it is determined that the organization has not had legality for processing personal health information in the period of 6 months prior to the ‘effective date of the current certification cycle +12 months’, the certificate of this organization will be revoked from that date.
- If in the case of a 2nd surveillance audit, it is determined that the organization has not had legality for processing personal health information in the period of 6 months prior to the ‘effective date of the current certification cycle + 24 months’, the certificate of this organization will be revoked from that date.
- If in the case of a recertification audit, it is determined that the organization has not had legality for processing personal health information in the period of 6 months prior to the ‘expiry date of the current certification cycle’, the certificate of this organization will be revoked from the expiry date.
Questions?
If you have any additional questions, feel free to contact us.