With great pleasure and some pride, we can report that Ipse de Bruggen, a large care organisation for people with disabilities has been NEN7510-1:2017 certified. This demonstrates that they have a functioning management system for information security in healthcare. The certification was issued under RvA accreditation. This makes Ipse de Bruggen one of the few disabled care organisation to be certified under accreditation.
These are those milestones that should be celebrated. And we did. I went through the whole journey again during a speech. How did it go, what did we experience in this journey together. It was a very intensive audit, but with a great result. Then I was able to present the certificate to this team. #superheroes
Below is the press release, prepared by Ipse de Bruggen
'Certification according to NEN 7510 is part of good care'
Ipse de Bruggen meets strict standard for handling confidential information
Ipse de Bruggen handles medical data confidentially, carefully and adequately. The organisation is one of the few healthcare institutions for people with a mental disability that meets the strict standards of NEN 7510. These standards for information security in healthcare were developed by the Netherlands Standardisation Institute. Accredited certification agency DigiTrust recently awarded Ipse de Bruggen the corresponding certificate.
"Privacy and information security are part of good care, just like physical care or giving the right medication," says Hanno Brandsema, Director of Services at Ipse de Bruggen. "Over the past few months, DigiTrust has scrutinised the entire care organisation several times after more than a year of preparation, concluding that Ipse de Bruggen more than meets the standards for handling confidential information and privacy. This assures clients and their families and relatives that information security is part of the good care Ipse de Bruggen provides."
Re-certification follows every three years, during which the organisation has to meet a large number of requirements. Information architect Wim Heemskerk: "To obtain the certificate, we had to meet over two hundred standard requirements. These requirements not only relate to ICT, but also to the policy and operations of the entire organisation. So, in addition to laptops and networks, it is also about access to rooms, scrap paper and the orientation of a workplace."
More risk
Obtaining the NEN 7510 certificate is not an end in itself for the organisation, but it does show that the organisation considers information security and privacy extremely important. Information security officer (CISO) Marc Been: "Nobody likes it when medical data ends up on the street. But there are more major risks. Personal data is worth a lot of money these days. This is what cybercriminals trade in. With this data, cyber criminals can apply for loans, for example. Clients with intellectual disabilities are also more at risk in this respect. It is up to the caregiver to protect the client together with the family. Once data is out on the street, it also leads to major reputational damage for the organisation and high fines from the Personal Data Protection Authority."
