Kiwa achieves NEN 7510:2024 accreditation
The Dutch Accreditation Council (RvA) has recently accredited Kiwa for the revised NEN 7510 standard. This accreditation allows Kiwa to audit and certify its clients in accordance with NEN 7510:2024. With this step, Kiwa further aligns with the already revised ISO 27001:2022 standard.
What has changed?
To keep quality standards relevant and up to date, they are periodically revised. Following the revision of ISO 27001 in 2022, a new version of NEN 7510 was published at the end of 2024. NEN 7510:2024 provides controls and practical guidelines for information security management systems (ISMS) in the healthcare sector.
The revised standard is aligned with ISO 27001:2022. Like ISO 27001, NEN 7510:2024 has been streamlined from fourteen chapters to four key domains: People, Physical, Technology and Organization. The number of controls has been reduced, partly by combining, to 93 general controls and eight healthcare-specific controls. The new controls are partly based on the European NIS2 Directive.
Transition period
As is customary, the publication of the new standard comes with a transition period. This means that organizations are not required to switch to the new standard immediately. The transition period started on 20 February 2025, so all existing certificates must be transitioned before 20 February 2027.
Our auditors have already gained extensive experience with the transition to ISO 27001:2022 and are ready to support your organization in adopting the revised NEN 7510 standard. Current NEN 7510 clients will be informed shortly about the available options to transition within the defined period.
Download the timeline NEN 7510:2024 (version 28 August 2025).
NEN 7510:2024 and ISO 27001:2022 prepared for NIS2 in healthcare
Does your organization hold both ISO 27001 and NEN 7510 certification? If so, the transition to NEN 7510:2024 will likely be smooth. This new version of the standard is more closely aligned with ISO 27001 and supports organizations in preparing for the upcoming European NIS2 Directive.
In the Netherlands, NIS2 will become mandatory from the second quarter of 2026 under the new Cybersecurity Act (Cyberbeveiligingswet, Cbw). This legislation introduces stricter requirements for information security, including in the healthcare sector.
NEN 7510:2024 is aligned with NIS2 and therefore provides an effective, sector-specific foundation to meet these new legal requirements in time. By implementing NEN 7510 now, organizations strengthen their digital resilience and take proactive measures to ensure compliance with future laws and regulations.
