The challenge: need for structure and capacity
In a healthcare organization with 1,100 employees, day-to-day client care is obviously the highest priority. Yet information security is becoming increasingly important, especially in light of increasing digital risks and stricter laws and regulations. Although steps have already been taken, incidents - from human error to digital vulnerabilities - remain a reality. Our goal is not a utopia of 0% errors, but rather to structurally improve, reduce risks and be better prepared.
Bianca, employed at the institution for 23 years, committed to improving processes with limited resources. "Changing our processes takes a lot of time," she says. "Even editing documents can be challenging." At the same time, internal factors, such as board changes and complex decision-making, play a role in the journey.
Pressure from the government is increasing, with concrete examples being the mandatory compliance with the NEN 7510 standard and the advent of stricter regulations such as the NIS2 Directive, where administrators can be held personally accountable. This increases the urgency to act quickly and thoughtfully.
In this context, external help was chosen: the organization was looking for a partner who not only brought substantive knowledge, but who could also help structure and cope with capacity problems. Thus the collaboration was born, with the first goal: working according to NEN 7510, and then working toward certification.
The approach: listen first, then do
In November 2023, Fendix launched a GAP analysis. Consultant Jelle began with strong preparation. "He figured out in advance which topics were important and helped us find the right people for the interviews."
The interviews were conducted in one week. After processing, Jelle presented the analysis to the Board of Directors, identifying strengths as well as areas for improvement and concerns.
Bianca especially appreciates the practical support she received from Jelle. "What made the difference for me was Jelle's understanding of our working environment. He not only identified what could be improved, but also explained why certain methods were necessary." She remembers well how Jelle introduced the RASCI model when the organization needed a clear division of roles. "That gave us exactly the structure we needed."
The results: more control, better processes
The collaboration yielded immediate results. Processes became clearer, the team built knowledge, and suppliers were more tightly controlled. Perhaps most importantly, information security became a regular topic in Board meetings.
"We have a much better grip on the situation now," says Bianca. "Instead of constantly inventing new solutions, we work with central guidelines."
Information security is not just about technology, but mainly about awareness and a strong corporate culture. As Bianca rightly says, "Everyone automatically locks their car when they leave it. I would like information security to become just as natural, so that every employee in his or her role is aware of it."
Looking Ahead
For the future, GGZ Western North Brabant has clear ambitions. Bianca wants the Plan-Do-Check-Act cycle to flow throughout the organization. "We don't want to keep reinventing the wheel, but to work in a structured way on improvement." In addition, she strives to no longer treat information security as a separate issue, but as part of all work processes. "We are well on our way as an organization, more still lie plenty of challenges."
With Jelle's support, GGZ Westelijk Noord-Brabant has not only taken steps towards NEN 7510, but has also laid a solid foundation for an organizational culture in which information security is a matter of course. Because that's what it's all about: not just complying with regulations, but making sure patient data is truly secure. After all, trust in healthcare is the most important thing of all - for patients, employees and the organization itself.
Do you recognize the challenges of GGZ Western North Brabant?
Do you also want to get a grip on information security and privacy and work in compliance with NEN 7510? Contact us for an informal meeting about how we can help your organization.
.png)
