Customer asks for ISO 27001 or NEN 7510, what fits us?
ISO 27001 is generic information security. NEN 7510 is the Dutch healthcare variant. Working for healthcare clients: NEN 7510. Otherwise: ISO 27001.
Try this first
- 1Ask the customer which norm they really require. A tender often says ISO 27001 but accepts equivalents like NEN 7510 or TISAX.
- 2Estimate effort. First certification typically takes months of preparation plus an audit by an accredited body.
- 3Start with a gap analysis against ISO 27001:2022 Annex A (93 controls grouped into 4 themes) or NEN 7510 clauses. Output: your action list.
- 4Build or buy an ISMS: document structure, risk assessment, statement of applicability, internal audit, management review.
- 5Plan at least 6 months between "everything in place" and the audit so the system has evidence of running.
When to bring us in
In hybrid healthcare (medtech, e-health, GGD links), NEN 7510 plus NEN 7512 is often required. Call us before hiring an auditor.
See also
- Does NIS2 apply to my company?Two questions decide it: are you in a listed sector, and do you meet the threshold from Recommendation 2003/361/EC (more than 50 FTE and more than EUR 10M turnover or balance sheet). Below that you are only indirectly in scope, via your customers. The threshold determines whether you are an important or essential entity depending on sector.
- What changes with the Dutch Cyber Security Act?The Cyberbeveiligingswet is the Dutch implementation of NIS2. Track NCSC for the exact effective date and the lower regulations.
- Am I personally liable as a director under NIS2?Yes. The board is accountable for approving and overseeing the cyber measures. Severe negligence can become personal.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.