HomeCompliance › NEN 7510

NEN 7510 compliance software for healthcare in the Netherlands.

NEN 7510-1, NEN 7510-2 and NEN 7513 controls pre-loaded, BIO classification support, TIIP statement template, ENSIA registration tracking. Built for hospitals, GP groups, ROAZ regions and digital-health vendors.

Open the portal See pricing

What is NEN 7510?

NEN 7510 (Dutch healthcare information-security standard). Hospitals (UMCs, STZ, generic), GP groups, ROAZ regions, dental and physiotherapy practices at scale, and digital-health vendors selling into Dutch care.

Who needs to comply

  • Academic hospitals (UMCs) and STZ teaching hospitals
  • Regional and general hospitals
  • GP groups (huisartsenposten) and ROAZ regions
  • Care providers under WGBO scope
  • Digital-health vendors selling into Dutch care providers

Key NEN 7510 controls covered by Dazr

NEN 7510-1Management framework and risk management for healthcare.
NEN 7510-2Operational controls: access, communication, BCP, supplier relationships, incident response.
NEN 7513Access logging on the electronic health record.
TIIPToets Informatiebeveiliging in de Praktijk: an internal-audit-style self-assessment.
ENSIAAnnual self-assessment registered with the supervisor for relevant entities.

What auditors look for

NEN 7510 audits sample the same kinds of evidence as ISO 27001 audits, plus healthcare-specific checks: NEN 7513 access logging on the EHR, BIO classification per asset, TIIP statement and ENSIA registration. Dazr covers all of it.

How Dazr helps with NEN 7510

  • Maintain the NEN 7510-1 management framework as recurring tasks
  • Operate NEN 7510-2 controls alongside ISO 27001 Annex A if both are enabled
  • Track NEN 7513 access-logging review as a recurring task with evidence link to the EHR audit log
  • Hold the TIIP statement and refresh annually
  • Track ENSIA registration date and the next-due date on the workspace profile

Back to the full Dazr Compliance overview › | Sign up free ›

NEN 7510 questions, answered.

Does Dazr support the Dutch BIO classification?

Yes. The asset inventory has a classification field and the criticality scale (low / medium / high / critical) maps to BBN1 through BBN3.

Can we run NEN 7510 alongside ISO 27001?

Yes, and most healthcare organisations should. Enable both; Dazr creates separate but related tasks. The same evidence (e.g. an access-review log) often serves both.

Do you generate the TIIP statement for me?

No. The TIIP statement is your document. Dazr links to it from the compliance profile and tracks its annual review as a recurring task.

Where is data hosted?

European Union. Dutch healthcare typically requires EU-only data residency; we deliver that by default. AES-256-GCM at rest.

Ready to start your NEN 7510 program?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.

Open the portal All frameworks