NEN 7510:2024 Transition Guide - From old to new version in 7 steps

The transition period to NEN 7510:2024 is well underway. With just over a year until the February 2027 deadline, it's time to take action. Since July 2025, new certifications are only issued on the 2024 version. In this practical transition guide, we take you through the transition process step by step.

Where are we now?

NEN 7510:2024 has been published for over a year and the transition period has been running for a year. Here's the current status:

Milestone	Date	Status
Publication NEN 7510:2024	October 2024	Completed
Start transition period	January 2025	Completed
New certifications only on 2024 version	July 2025	Now in effect
End transition period	February 2027	~13 months remaining

Important: If your organization hasn't started the transition yet, now is the time to begin. Don't wait until the last moment - experience shows that the transition takes more time than expected.

Why transition to NEN 7510:2024?

NEN 7510:2024 is not just an update. The standard has been completely revised and aligned with ISO/IEC 27001:2022. This means:

New control structure: Better aligned with ISO 27001:2022

Tightened requirements: Especially in cybersecurity and supply chain security

NIS2 alignment: Better preparation for the European cybersecurity directive

---

Note: Certification bodies may have their own deadlines that are earlier than February 2027. Check with your certification body.

7 steps to a successful transition

Step 1: Perform gap analysis

Start with a thorough gap analysis to determine where you stand:

Compare your current controls with the updated controls

Identify the new controls and determine which apply

Assess your existing documentation for currency

Map risk areas that need extra attention

Step 2: Implement new controls

NEN 7510:2024 introduces new controls relevant to healthcare:

5.38 HLT: Analysis and specification of information security requirements

5.39 HLT: Uniquely identifying care recipients

5.42 HLT: Communication in emergency situations

6.9 HLT: Management training

Step 3: Revise Statement of Applicability (SoA)

Your Statement of Applicability must be adapted to the new structure:

Remap all old controls to the new ones

Add new controls with justification

Document which controls are not applicable and why

Step 4: Update risk assessment

The risk assessment is the foundation of your ISMS. Update it for:

New threats (ransomware, supply chain attacks)

Changed IT environment (cloud, remote working)

New legislation (NIS2, GDPR amendments)

Step 5: Update policies and procedures

Adapt your documentation to the new standard structure:

Update references to old standard paragraphs

Integrate new topics such as cloud security

Simplify where possible (the new structure allows for this)

Step 6: Train employees

Inform and train your employees about the changes:

Awareness sessions on new security controls

Specific training for key roles (CISO, ISO, system administrators)

Update e-learning modules and awareness material

Step 7: Plan internal audit and transition audit

Prepare for the formal transition:

Plan an internal audit on the new standard

Coordinate with your certification body on the transition path

Schedule the transition audit well before the deadline

Common mistakes during transition

Avoid these pitfalls:

1.Starting too late: The transition takes more time than expected

2.Only adapting documentation: The standard requires actual implementation

3.Ignoring new controls: All 11 new controls must be assessed

4.No management involvement: Leadership must support the transition

5.Forgetting suppliers: Suppliers must also meet new requirements

Transition checklist

Use this checklist to monitor your progress:

Gap analysis performed

New controls identified and assessed

Statement of Applicability adapted

Risk assessment updated

Policies and procedures updated

Employees informed and trained

Internal audit planned

Contact with certification body about transition path

Transition audit scheduled

How uComply accelerates your transition

The transition to NEN 7510:2024 doesn't have to be a headache. uComply offers:

Ready-to-use NEN 7510:2024 content pack: Immediately available with all new controls

Automated gap analysis: Compare your current status with the new standard

Transition mapping: Automatic linking of old to new controls

AI assistant: Get immediate answers to your transition questions

Audit-ready documentation: Generate reports for your certification body

With uComply, you have a clear overview of your transition progress and know exactly which steps you still need to take.

Summary

The transition to NEN 7510:2024 is an opportunity to strengthen your information security. Start on time, perform a thorough gap analysis, and work systematically through the 7 steps. With the right approach and tooling, the transition is manageable.

Want to know how uComply can accelerate your transition? Contact us for a demo or start directly with our NEN 7510:2024 content pack.