Information security policy ISO and NEN

 

Information security related to the development, production, implementation, and publishing of software, including hosting. Eumedianet obtains infrastructure from vendors for the services it provides to its clients (fiber optic cables and associated infrastructure). Eumedianet’s media platforms store videos, related media and descriptive files, and accompanying documents for clients. Clients can then edit, analyze, and distribute these files within the system.

The management of information security at Eumedianet BV is established according to ISO 27001 and NEN 7510 standards and in compliance with relevant laws and regulations. Every employee understands the importance of information security and quality and applies it within their own area of work. The Golden Rules serve as the guiding principles. Knowledge and expertise are essential for sustainable information security and quality and must be ensured. All employees receive training on information security and quality awareness and the use of procedures.

Information provision plays a crucial role in all business processes of Eumedianet BV. Therefore, Eumedianet BV aims to handle information responsibly, meaning that the quality of information provision must be under control. A comprehensive organizational approach to information security plays a key role in this. Insufficient implementation of information security exposes the organization to unnecessary risks, which can lead to significant financial loss, legal consequences, and damage to reputation.

The required level of quality in information provision is achieved through an appropriate set of measures that ensure the availability, integrity, and confidentiality of information. The pillars of these measures are people, processes, and technology.

Measures are implemented in the information security process based on a risk analysis. The selection of appropriate measures is based on the real risks faced by Eumedianet BV. These measures are established based on ISO 27001 Annex A in conjunction with specific control measures in NEN 7510.

Eumedianet BV pursues the following critical success factors in information security:

  • Systems must be online and available 24/7.
  • Data from Eumedianet BV and its clients must be handled with integrity and always be accurate.
  • Data should only be accessible to individuals who require access for their work.
  • Customers receive services in accordance with the agreed SLAs (Service Level Agreements).

Regarding NEN 7510, there is a particular need for healthcare information security. Increasing amounts of data are being exchanged, primarily involving work procedures (protocols) and supporting documents, rather than patient information in an Electronic Patient Record (EPD). It is important that this information is available and reliable for all parties.

Making this information available in Eumedianet’s management system (ISMS) and online workspaces, ensuring its integrity, and safeguarding confidentiality are important objectives of healthcare information security.

Due to the nature of the work, employees of Eumedianet BV almost always operate within the environment and under the responsibility of the institution. As a result, the impact of compliance-related legislation is limited. The main requirements of legal and contractual obligations, including those related to the protection of personal health information and the legal and ethical responsibilities of healthcare providers, encompass confidentiality. Eumedianet follows the policy that healthcare information should not come into its possession and should not be taken outside its own environment. It must maintain security levels for confidentiality and integrity.

Eumedianet always reports information security incidents to the client, and if necessary, the management of Eumedianet BV can be involved in discussing or addressing incidents with the clients.

Eumedianet’s solutions almost always support the primary processes, so there are no vital processes and systems in healthcare (where “vital” means that their failure can have adverse consequences for clients).