ISO 9001
Quality management
Your customers want evidence that your organization meets the right requirements. With an ISO 9001 certificate you can demonstrate that the needs and requirements of customers are met and that the reliability of your products or services is improved. The ISO 9001 standard helps your organization to control and improve quality management.
The requirements of this internationally recognized standard include the following topics:
- The operations of the organization with regard to their stakeholders and their expectations;
- The involvement of the management in the quality management system;
- Defining quality objectives;
- Managing the quality management system;
- The control of processes;
- Performance evaluation;
- Continuous improvement of the organization.
ISO 22301
Business Continuity Management
ISO 22301 concerns Business Continuity Management (BCM). BCM looks at the organization's preparation for the unexpected and its ability to deliver products or services at a predetermined, acceptable level after an incident.
ISO 22301 covers, among other things:
- The business processes and risk assessment;
- Determining a continuity strategy;
- Procedures for managing incidents;
- Assessing the effectiveness of business continuity plans;
- Restoring normal business operations after an incident.
In addition, the functioning of the organization, the involvement of management and the continuous improvement of the organization are assessed.
ISO 27001
Information Security Management
As an organization you want to be able to show that you handle your customers' information with due care. With the ISO 27001 certificate you demonstrate that your organization complies with the laws and regulations regarding information security. The ISO 27001 standard contains requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving the management system: the ISMS (Information Security Management System).
The requirements of this internationally recognized standard include the following topics:
- The operations of the organization with regard to their stakeholders and their expectations;
- Management involvement in the ISMS;
- Awareness of information security throughout the organization;
- Risk management;
- Management of the development process;
- Performance evaluation;
- Continuous improvement of the organization.
ISO 27701
Privacy management
ISO 27701 is the standard for privacy management and is an extension of the ISO 27001 standard. It specifically looks at the establishment, implementation, maintenance and improvement of a Privacy Information Management System (PIMS) as a supplement to the existing Information Security Management System (ISMS). This certification adds value when an organization is required to handle privacy-sensitive information in a responsible manner, especially when this information can be traced back to an individual, i.e. Personally Identifiable Information (PII).
ISO 27701 looks at the security techniques focused on privacy and cyber risks, the extension of the ISO 27001 controls with privacy information management measures, and the management system for protecting personal data (PIMS).
NEN 7510
Information security in healthcare
The NEN 7510 standard was developed for healthcare institutions and organizations that work with personal health data. This standard is an addition to the ISO 27001 standard and focuses on the processing, management and security of health information. NEN 7510 certification shows that the organization has its information security in order at the technical, organizational and procedural level.
NEN 7510 certification offers several advantages, such as:
- Providing independent assurance about the information security of personal health data;
- Providing independent evidence that data security risks in healthcare have been critically assessed;
- Meeting the requirements of the Ministry of Health, Welfare and Sport.
NEN 7512
Data exchange in healthcare
If you are involved in the exchange of data in healthcare, you may be required to comply with NEN 7512. The NEN 7512 standard relates to electronic communication in healthcare: between healthcare providers and healthcare institutions, and between healthcare providers and patients and clients, healthcare insurers and other parties involved in healthcare.
NEN 7512 is a more elaborate extension of the requirements of the NEN 7510 standard. Among other things, it sets minimum requirements for the authentication, verification and security of:
- The sender of the data;
- The transport of the data;
- The recipient of data.
NEN 7513
Logging of data in healthcare
If you manage or provide an Electronic Patient Dossier (EPD) or a Personal Health Environment (Persoonlijke Gezondheidsomgeving, PGO), then NEN 7513 applies to you. This standard determines which activities must be logged in a patient dossier, and when. These logs provide insight into who has had access to that patient file.
NEN 7513 is a further specification of the requirements of the NEN 7510 standard. Among other things, it sets minimum requirements for:
- What needs to be logged;
- Who has access to (log) data;
- How long this (log) data is stored.
NTA 7516
Ad-hoc data exchange in healthcare
If you are involved in the ad hoc exchange of highly sensitive information (doctor's office information) in healthcare, you may be required to comply with NTA 7516. NTA 7516 relates to ad hoc data exchange, for example by means of e-mail or chat applications. This includes e-mail, but also chat programs and apps that send messages containing sensitive information.
NTA 7516 sets requirements for, among other things:
- Availability of the data;
- Data integrity;
- Data confidentiality;
- User-friendliness of the ad-hoc communication;
- Interoperability of the ad hoc means of communication;
- Technical implementation of the ad-hoc communication.