Statement of Inclusions and Exclusions NCS 7516

NTA 7516 Criteria for Communication Service Providers

August 17, 2020 – Version 1.1

Group Criterion SecuMailer Value
Availability Minimum availability (6.1.2) Yes 99.95%
Maximum downtime duration (6.1.3) Yes 0
Maximum data loss (6.1.4) Yes 0
Integrity Origin verification (6.1.5) Yes eIDAS “Substantial” and “High”
Data integrity (6.1.6) Yes TLS / DANE
Non-repudiation of sender (6.1.7) Yes TLS / SPF / DKIM / DMARC
Sender authorization (6.1.8) Yes TLS / SPF / DKIM / DMARC
Confidentiality Data confidentiality (6.1.9) Yes AES256
Access confidentiality (6.1.10) Yes eIDAS “Substantial” and “High”
Communication confidentiality (6.1.11) Yes TLS / DANE
Legal basis for transmission (6.1.12) No Transmission basis is determined by the sender
International ad-hoc message traffic (6.1.13) Yes EU-based
Usability Continuity of ad-hoc messaging – replies (6.1.14) Yes ESMTP
Continuity of ad-hoc messaging – forwarding (6.1.15) Yes ESMTP
Security as convenience (6.1.16) Yes ESMTP
Readability (6.1.17) Yes ESMTP
Own copy (6.1.18) Yes ESMTP
Interoperability File integration (6.1.19) Partial An API is available
Multi-channel communication (7.2) Yes NTA 7516 Certified

REST API

Developer portal ›

SecuMailer has a REST API for sending secure emails. Both the GDPR and the NTA 7516 functionality are fully accessible via this API.

The API is documented with OpenAPI specification 3.0.1.

The REST API has webhook functionality, which means that the SecuMailer platform can communicate email events with an HTTPS endpoint of the sender.

SMTP API

The SMTP API is usually the simplest integration option for many backend applications because backend applications often have a provision for an SMTP client on board.

We have successfully integrated for customers with Salesforce, SAP and Centric. We have also successfully integrated with patient file systems such as Medisoft Dossier Manager.

GraphQL API

The SecuMailer platform offers insight into email events. This can be done on the basis of a (push) webhook call (see REST API above) and on the basis of a (pull) GraphQL endpoint.

Get a Demo

Name(Required)

Contact Sales

Your Name(Required)

Clinicians focus on patients, we secure the email

Care comes first. SecuMailer makes email security invisible, so clinicians keep working as usual and sending sensitive information remains quick and simple. Every message is protected automatically, ensuring patient data stays confidential without slowing down daily operations.

With built-in compliance for healthcare regulations, SecuMailer reduces administrative burdens while maintaining a seamless workflow. Doctors, nurses, and staff can focus on patient care, confident that every email is secure, traceable, and compliant—without extra steps or interruptions.

Get a Demo
Contact Sales
Healthcare

The Challenge

  • Referrals, discharge letters, lab results and invoices must reach the right person fast.

  • Portals create friction and lower completion rates.

  • Regulations (GDPR/AVG, NEN 7510, NTA 7516) demand strong controls.

  • Need both: security and simplicity.

The SecuMailer Approach

  • Runs behind Outlook/Microsoft 365 and Google Workspace.

  • Compose and send as usual.

  • Encryption, policy, 2FA applied automatically.

  • Messages arrive in inbox; delivery and access logged for audit/legal proof.

  • After delivery, content removed for data minimisation.

What this enables or Core capabilities

With SecuMailer, healthcare professionals can communicate securely and seamlessly. Sensitive information—from discharge letters to imaging files—flows directly into inboxes without portals or extra steps, ensuring privacy while keeping care moving quickly.

Minimize the risk of data breaches

Minimize the risk of data breaches

Verify recipients before delivering sensitive data

Provide a legally demonstrable proof of secure delivery

Why Healthcare chooses SecuMailer / Interoperability, not silos

Direct communication

Interoperability with other secure mail solutions

EU data sovereignty

Compliance, built-in / Compliance & governance

Protection is applied by default and scaled by policy, aligning with GDPR/AVG principles (integrity and confidentiality, privacy by design/by default, data minimisation, accountability) and healthcare standards such as NEN 7510 and NTA 7516. Data sovereignty is ensured: the platform runs in EU data centres operated by European providers, without reliance on hyperscalers. Certifications and attestations (e.g., ISO 27001, SOC 2 Type 2, eIDAS) support DPIAs, audits and vendor-risk reviews.

For transparency, our certifications can be made available to customers and partners upon request.

ISO 27001

SecuMailer is ISO 27001 certified, the international standard for information security management systems. This certification demonstrates that we apply rigorous controls to protect sensitive information, continuously assess risks, and follow best practices to keep data secure and compliant.

NEN 7510

NEN 7510

SecuMailer is certified to NEN 7510, the Dutch standard for information security in healthcare. This certification ensures that medical and patient information is handled according to strict national requirements, giving healthcare organizations confidence in secure digital communication.

ISAE 3000

ISAE 3000

SecuMailer has successfully completed ISAE 3000 / SOC 2 Type II assurance, an independent audit that verifies the design and effectiveness of our internal controls. This provides our customers with proof that we meet strict criteria for security, availability, and privacy on an ongoing basis.

eIDAS

eIDAS (EU Trusted service provider)

SecuMailer is listed under the European eIDAS regulation as a qualified Electronic Registered Delivery Service (qERDS) and qualified Registered Electronic Mail Service (qREMS). This recognition confirms that our service meets the highest EU standards for trusted electronic communication and is included in the official EU Trusted List.

Cybersecurity

ECSO Label of Trustworthiness

SecuMailer is recognized with the ECSO Label of Trustworthiness, issued by the European Cyber Security Organisation (ECSO). This label distinguishes European-owned cybersecurity companies that are fully based in Europe, compliant with GDPR, and aligned with ENISA’s baseline security requirements. It confirms our commitment to European values of privacy and data sovereignty, and strengthens our visibility among partners and customers as a trusted European provider of secure email.

For IT and Security

IT guy

  • Lightweight integration (SMTP/MTA, APIs, SAML/SSO).

  • End-to-end protections (TLS, SPF, DKIM, DMARC, DANE, DNSSEC).

    Technical implementation was completed in just one day.

  • Intelligent DLP with policy enforcement.

    Only five minor incidents in the first week, all resolved immediately.

  • Comprehensive, audit-ready logging.

    Meets all Dutch and EU standards for secure mailing with natural persons.

Outcomes

Less friction

Lower incidents

Lower support load

Audit-ready proof

Your data. Your rules. Your next step.

Discover how SecuMailer helps you achieve your goals for secure, simple and compliant email without compromise. Whether you’re comparing, exploring or just curious, we’re happy to help.

See pricing
Contact Sales