Statement of Inclusions and Exclusions NCS 7516

NTA 7516 Criteria for Communication Service Providers

August 17, 2020 – Version 1.1

Group Criterion SecuMailer Value
Availability Minimum availability (6.1.2) Yes 99.95%
Maximum downtime duration (6.1.3) Yes 0
Maximum data loss (6.1.4) Yes 0
Integrity Origin verification (6.1.5) Yes eIDAS “Substantial” and “High”
Data integrity (6.1.6) Yes TLS / DANE
Non-repudiation of sender (6.1.7) Yes TLS / SPF / DKIM / DMARC
Sender authorization (6.1.8) Yes TLS / SPF / DKIM / DMARC
Confidentiality Data confidentiality (6.1.9) Yes AES256
Access confidentiality (6.1.10) Yes eIDAS “Substantial” and “High”
Communication confidentiality (6.1.11) Yes TLS / DANE
Legal basis for transmission (6.1.12) No Transmission basis is determined by the sender
International ad-hoc message traffic (6.1.13) Yes EU-based
Usability Continuity of ad-hoc messaging – replies (6.1.14) Yes ESMTP
Continuity of ad-hoc messaging – forwarding (6.1.15) Yes ESMTP
Security as convenience (6.1.16) Yes ESMTP
Readability (6.1.17) Yes ESMTP
Own copy (6.1.18) Yes ESMTP
Interoperability File integration (6.1.19) Partial An API is available
Multi-channel communication (7.2) Yes NTA 7516 Certified

REST API

Developer portal ›

SecuMailer has a REST API for sending secure emails. Both the GDPR and the NTA 7516 functionality are fully accessible via this API.

The API is documented with OpenAPI specification 3.0.1.

The REST API has webhook functionality, which means that the SecuMailer platform can communicate email events with an HTTPS endpoint of the sender.

SMTP API

The SMTP API is usually the simplest integration option for many backend applications because backend applications often have a provision for an SMTP client on board.

We have successfully integrated for customers with Salesforce, SAP and Centric. We have also successfully integrated with patient file systems such as Medisoft Dossier Manager.

GraphQL API

The SecuMailer platform offers insight into email events. This can be done on the basis of a (push) webhook call (see REST API above) and on the basis of a (pull) GraphQL endpoint.

Get a Demo

Name(Required)

Contact Sales

Your Name(Required)

Secure business emails without changing your team’s workflow

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Get a Demo
Contact Sales
business

Business Need

  • Proposals, contracts, HR files, customer data, board materials.

  • Must meet GDPR/AVG, eIDAS, NIS2, DORA.

  • Security must not add friction.

The SecuMailer Approach

  • Runs behind existing mail environment.

  • Users send as usual; encryption, policy, recipient assurance applied automatically.

  • Step-up verification when needed.

  • Delivery logged; content removed after delivery.

Core capabilities

With SecuMailer, businesses can exchange proposals, contracts, and sensitive files securely while maintaining workflow speed. Encryption and compliance controls run in the background, so teams focus on execution, not on security hurdles.

Encryption by default.

Step-up assurance (OTP/SMS).

eIDAS-qualified registered email.

Secure large-file transfer.

Interoperability across ecosystem.

Compliance, built-in / Compliance & governance

Designed to align with GDPR principles: integrity/confidentiality, privacy by design/by default, data minimisation, accountability. Supports regulated contexts (NIS2; DORA for financial services). Evidence and reporting fit ISMS and audit requirements. EU data sovereignty is standard: hosted in European data centres operated by European providers, no dependence on hyperscalers. Certifications/attestations available (ISO 27001, SOC 2 Type 2, eIDAS; health flows align with NEN 7510/NTA 7516).

ISO 27001

SecuMailer is ISO 27001 certified, the international standard for information security management systems. This certification demonstrates that we apply rigorous controls to protect sensitive information, continuously assess risks, and follow best practices to keep data secure and compliant.

NEN 7510

NEN 7510

SecuMailer is certified to NEN 7510, the Dutch standard for information security in healthcare. This certification ensures that medical and patient information is handled according to strict national requirements, giving healthcare organizations confidence in secure digital communication.

ISAE 3000

ISAE 3000

SecuMailer has successfully completed ISAE 3000 / SOC 2 Type II assurance, an independent audit that verifies the design and effectiveness of our internal controls. This provides our customers with proof that we meet strict criteria for security, availability, and privacy on an ongoing basis.

eIDAS

eIDAS (EU Trusted service provider)

SecuMailer is listed under the European eIDAS regulation as a qualified Electronic Registered Delivery Service (qERDS) and qualified Registered Electronic Mail Service (qREMS). This recognition confirms that our service meets the highest EU standards for trusted electronic communication and is included in the official EU Trusted List.

Cybersecurity

ECSO Label of Trustworthiness

SecuMailer is recognized with the ECSO Label of Trustworthiness, issued by the European Cyber Security Organisation (ECSO). This label distinguishes European-owned cybersecurity companies that are fully based in Europe, compliant with GDPR, and aligned with ENISA’s baseline security requirements. It confirms our commitment to European values of privacy and data sovereignty, and strengthens our visibility among partners and customers as a trusted European provider of secure email.

For IT and Security

IT guy

  • Lightweight integration (SMTP/MTA, APIs, SAML/SSO).

  • End-to-end protections (TLS, SPF, DKIM, DMARC, DANE, DNSSEC).

    Technical implementation was completed in just one day.

  • Intelligent DLP with policy enforcement.

    Only five minor incidents in the first week, all resolved immediately.

  • Comprehensive, audit-ready logging.

    Meets all Dutch and EU standards for secure mailing with natural persons.

Outcomes

With SecuMailer, healthcare professionals can communicate securely and seamlessly. Sensitive information—from discharge letters to imaging files—flows directly into inboxes without portals or extra steps, ensuring privacy while keeping care moving quickly.

Reduced friction for clients/teams.

Lower incident risk.

Less support overhead.

Audit-ready evidence.

Secure, compliant email without delays.

Your data. Your rules. Your next step.

Discover how SecuMailer helps you achieve your goals for secure, simple and compliant email without compromise. Whether you’re comparing, exploring or just curious, we’re happy to help.

See pricing
Contact Sales