Statement of Inclusions and Exclusions NCS 7516

NTA 7516 Criteria for Communication Service Providers

August 17, 2020 – Version 1.1

Group Criterion SecuMailer Value
Availability Minimum availability (6.1.2) Yes 99.95%
Maximum downtime duration (6.1.3) Yes 0
Maximum data loss (6.1.4) Yes 0
Integrity Origin verification (6.1.5) Yes eIDAS “Substantial” and “High”
Data integrity (6.1.6) Yes TLS / DANE
Non-repudiation of sender (6.1.7) Yes TLS / SPF / DKIM / DMARC
Sender authorization (6.1.8) Yes TLS / SPF / DKIM / DMARC
Confidentiality Data confidentiality (6.1.9) Yes AES256
Access confidentiality (6.1.10) Yes eIDAS “Substantial” and “High”
Communication confidentiality (6.1.11) Yes TLS / DANE
Legal basis for transmission (6.1.12) No Transmission basis is determined by the sender
International ad-hoc message traffic (6.1.13) Yes EU-based
Usability Continuity of ad-hoc messaging – replies (6.1.14) Yes ESMTP
Continuity of ad-hoc messaging – forwarding (6.1.15) Yes ESMTP
Security as convenience (6.1.16) Yes ESMTP
Readability (6.1.17) Yes ESMTP
Own copy (6.1.18) Yes ESMTP
Interoperability File integration (6.1.19) Partial An API is available
Multi-channel communication (7.2) Yes NTA 7516 Certified

REST API

Developer portal ›

SecuMailer has a REST API for sending secure emails. Both the GDPR and the NTA 7516 functionality are fully accessible via this API.

The API is documented with OpenAPI specification 3.0.1.

The REST API has webhook functionality, which means that the SecuMailer platform can communicate email events with an HTTPS endpoint of the sender.

SMTP API

The SMTP API is usually the simplest integration option for many backend applications because backend applications often have a provision for an SMTP client on board.

We have successfully integrated for customers with Salesforce, SAP and Centric. We have also successfully integrated with patient file systems such as Medisoft Dossier Manager.

GraphQL API

The SecuMailer platform offers insight into email events. This can be done on the basis of a (push) webhook call (see REST API above) and on the basis of a (pull) GraphQL endpoint.

Get a Demo

Name(Required)

Contact Sales

Your Name(Required)

Trusted citizen communication, secure by design

Enable secure, compliant email for public-sector organisations while preserving workflows in Office 365, Google Workspace, and Apple. SecuMailer ensures sensitive government communications are fully protected, allowing employees to work efficiently without compromising security or regulatory compliance.<br><br>

Seamless integration with existing systems means teams can continue using familiar tools, while IT and security departments maintain oversight and control. With SecuMailer, public-sector organisations achieve both productivity and compliance, keeping critical information safe without slowing down operations.
Seamless integration ensures teams continue using the tools they know, while IT departments gain full visibility and control over email security. With SecuMailer, businesses maintain productivity and compliance simultaneously, without adding complexity to everyday workflows.

Get a Demo
Contact Sales
goverment

Public-Sector Need

  • Citizen records, permits, case files, procurement, HR, finance.

  • Must be timely, accessible, compliant (GDPR/AVG, eIDAS, NIS2).

  • No friction that slows service delivery.

The SecuMailer Approach

  • Works behind existing mail.

  • Policy, encryption, recipient assurance applied automatically.

  • Step-up verification when needed.

  • Delivery logged; content removed after delivery.

  • Content removed after delivery.

What This Enables

With SecuMailer, public-sector organisations deliver citizen notices, permits, and case files securely, straight to inboxes. Security and compliance happen automatically, so services remain efficient, transparent, and trusted.

Secure citizen notices and decisions—without portals.

Seamless inter-agency communication.

Secure file transfer (expiry, recall).

eIDAS-registered email for legal proof.

Interoperability, not silos

Public bodies often rely on a mix of secure-mail solutions across agencies and suppliers. SecuMailer interoperates with other certified platforms, allowing your organisation to operate one solution while exchanging securely across the wider government ecosystem.

Direct communication

Interoperability with other secure mail solutions

EU data sovereignty

Compliance, built-in / Compliance & governance

Designed to align with GDPR principles: integrity/confidentiality, privacy by design/by default, data minimisation, accountability. Supports regulated contexts (NIS2; DORA for financial services). Evidence and reporting fit ISMS and audit requirements. EU data sovereignty is standard: hosted in European data centres operated by European providers, no dependence on hyperscalers. Certifications/attestations available (ISO 27001, SOC 2 Type 2, eIDAS; health flows align with NEN 7510/NTA 7516).

ISO 27001

SecuMailer is ISO 27001 certified, the international standard for information security management systems. This certification demonstrates that we apply rigorous controls to protect sensitive information, continuously assess risks, and follow best practices to keep data secure and compliant.

NEN 7510

NEN 7510

SecuMailer is certified to NEN 7510, the Dutch standard for information security in healthcare. This certification ensures that medical and patient information is handled according to strict national requirements, giving healthcare organizations confidence in secure digital communication.

ISAE 3000

ISAE 3000

SecuMailer has successfully completed ISAE 3000 / SOC 2 Type II assurance, an independent audit that verifies the design and effectiveness of our internal controls. This provides our customers with proof that we meet strict criteria for security, availability, and privacy on an ongoing basis.

eIDAS

eIDAS (EU Trusted service provider)

SecuMailer is listed under the European eIDAS regulation as a qualified Electronic Registered Delivery Service (qERDS) and qualified Registered Electronic Mail Service (qREMS). This recognition confirms that our service meets the highest EU standards for trusted electronic communication and is included in the official EU Trusted List.

Cybersecurity

ECSO Label of Trustworthiness

SecuMailer is recognized with the ECSO Label of Trustworthiness, issued by the European Cyber Security Organisation (ECSO). This label distinguishes European-owned cybersecurity companies that are fully based in Europe, compliant with GDPR, and aligned with ENISA’s baseline security requirements. It confirms our commitment to European values of privacy and data sovereignty, and strengthens our visibility among partners and customers as a trusted European provider of secure email.

For IT and Security

IT guy

  • Lightweight integration (SMTP/MTA, APIs, SAML/SSO).

  • End-to-end protections (TLS, SPF, DKIM, DMARC, DANE, DNSSEC).

    Technical implementation was completed in just one day.

  • Intelligent DLP with policy enforcement.

    Only five minor incidents in the first week, all resolved immediately.

  • Comprehensive, audit-ready logging.

    Meets all Dutch and EU standards for secure mailing with natural persons.

Outcomes

With SecuMailer, public-sector organisations deliver citizen notices, permits, and case files securely, straight to inboxes. Security and compliance happen automatically, so services remain efficient, transparent, and trusted.

Less friction for citizens/agencies

Lower incident risk.

Strong audit/public-record proof.

Secure, compliant email that doesn’t slow operations.

Your data. Your rules. Your next step.

Discover how SecuMailer helps you achieve your goals for secure, simple and compliant email without compromise. Whether you’re comparing, exploring or just curious, we’re happy to help.

See pricing
Contact Sales