NVZ / NEN 7510


Hospitals have information security high on their agenda. Collaboration bodies and regulators are responding to this.



The Dutch Association of Hospitals (NVZ) and the Dutch Federation of University Medical Centers (NFU) have together drawn up a Roadmap and included it in a policy framework to enable the sector to take steps. The ultimate goal is to realize a sector-wide quality improvement to at least the level of the NEN 7510 standard. This is in line with the requirement to comply with the NEN 7510 standard (and associated standards), which is laid down in a statutory decision and regulation. The Roadmap requires two audits that Secura provides.


NVZ Code of Conduct Audit

The NVZ and NFU have administrative agreements with the Dutch Data Protection Authority (AP) for a "Code of Conduct Access Security for digital patient files" (and the associated audit framework). Part of this agreement is that affiliated organizations have themselves audited by a qualified RE (Register EDP Auditor) to determine whether the minimum intended security measures are in place. The standards to be applied are laid down in the audit framework of the "Code of Conduct Access Security for digital patient files" and concern:

  • Authentication
  • Authorization
  • Logging
  • Monitoring
  • Awareness


Any shortcomings must be followed up and verified again. This concerns an Assurance audit aimed at providing an opinion with a reasonable degree of certainty in accordance with the NOREA Guideline 3000 for Assurance engagements.


Baseline Audit NEN 7510

With a baseline audit, an organization can demonstrate that it is "in control" of information security and/or gain insight into where improvements can still be made. The standard for this is NEN 7510. This baseline audit consists of 4 steps:

  1. Scope
  2. Inventory and measurement
  3. Analysis
  4. Reporting

The report contains a summary of the main findings, with the related risks explained in a heat map. This helps in prioritizing improvement measures and gives insight into improvements based on the delta measurements. The organization draws up a list of action points together with the Auditor. The complete findings and actions are included in an appendix and are provided in an Excel file.


How can Secura help?

A Secura IT Auditor (RE) registered with the NOREA, with specific expertise in the sector, is responsible for conducting the audits.

Secura offers the following services:

  1. NVZ Audit Code of Conduct
  2. Baseline Review NEN 7510

Fact sheets

Information security in healthcare

(Available in Dutch only) Our healthcare information security services: NVZ NEN 7510 Nulmeting & Gedragslijn Audit 1.0

Partners of Secura

Cybersecurity is more than technology alone. Secura collaborates with partners in compliance and risk management, integrated application security, privacy, IT and internet law, and certification.