The Dutch Association of Hospitals (NVZ) and the Dutch Federation of
University Medical Centers (NFU) have together drawn up a Roadmap and
included it in a policy framework to enable the sector to take steps.
The ultimate goal is to realize a sector-wide quality improvement to at
least the level of the NEN 7510 standard. This is in line with the
requirement to comply with the NEN 7510 standard (and associated
standards), which is laid down in a statutory decision and regulation.
The Roadmap requires two audits that Secura provides.
NVZ Code of Conduct Audit
The NVZ and NFU have administrative agreements with the Dutch Data
Protection Authority (AP) for a "Code of Conduct Access Security for
digital patient files" (and the associated audit framework). Part of
this agreement is that affiliated organizations have themselves audited
by a qualified RE (Register EDP Auditor) to determine whether the
minimum intended security measures are in place. The standards to be
applied are laid down in the audit framework of the Code of Conduct for
Access Security digital patient files and concern:
- Authentication
- Authorization
- Logging
- Monitoring
- Awareness
Any shortcomings must be followed up and verified again. This
concerns an Assurance audit aimed at providing an opinion with a
reasonable degree of certainty in accordance with the NOREA Guideline
3000 for Assurance engagements.
Baseline Audit NEN 7510
With a baseline audit, an organization can demonstrate that it is "in
control" of information security and/or gain insight into where
improvements can still be made. The standard for this is NEN 7510. This
baseline audit consists of 4 steps:
- Scope
- Inventory and measurement
- Analysis
- Reporting
The report contains a summary of the main findings, with the related
risks explained using a heat map. This supports prioritizing improvement
measures and gives insight into improvements based on the delta
measurements. The organization draws up a list of action points together
with the Auditor. The full findings and actions are included in an
appendix and are provided in an Excel file.
How can Secura help?
A Secura IT Auditor (RE) registered with NOREA, with specific
expertise in the sector, is responsible for conducting the audits.
Secura offers the following services:
- NVZ Audit Code of Conduct
- Baseline Review NEN 7510