Statement of Inclusions and Exclusions NCS 7516

NTA 7516 Criteria for Communication Service Providers

August 17, 2020 – Version 1.1

Group Criterion SecuMailer Value
Availability Minimum availability (6.1.2) Yes 99.95%
Maximum downtime duration (6.1.3) Yes 0
Maximum data loss (6.1.4) Yes 0
Integrity Origin verification (6.1.5) Yes eIDAS “Substantial” and “High”
Data integrity (6.1.6) Yes TLS / DANE
Non-repudiation of sender (6.1.7) Yes TLS / SPF / DKIM / DMARC
Sender authorization (6.1.8) Yes TLS / SPF / DKIM / DMARC
Confidentiality Data confidentiality (6.1.9) Yes AES256
Access confidentiality (6.1.10) Yes eIDAS “Substantial” and “High”
Communication confidentiality (6.1.11) Yes TLS / DANE
Legal basis for transmission (6.1.12) No Transmission basis is determined by the sender
International ad-hoc message traffic (6.1.13) Yes EU-based
Usability Continuity of ad-hoc messaging – replies (6.1.14) Yes ESMTP
Continuity of ad-hoc messaging – forwarding (6.1.15) Yes ESMTP
Security as convenience (6.1.16) Yes ESMTP
Readability (6.1.17) Yes ESMTP
Own copy (6.1.18) Yes ESMTP
Interoperability File integration (6.1.19) Partial An API is available
Multi-channel communication (7.2) Yes NTA 7516 Certified

REST API

Developer portal ›

SecuMailer has a REST API for sending secure emails. Both the GDPR and the NTA 7516 functionality are fully accessible via this API.

The API is documented with OpenAPI specification 3.0.1.

The REST API has webhook functionality, which means that the SecuMailer platform can communicate email events with an HTTPS endpoint of the sender.

SMTP API

The SMTP API is usually the simplest integration option for many backend applications because backend applications often have a provision for an SMTP client on board.

We have successfully integrated for customers with Salesforce, SAP and Centric. We have also successfully integrated with patient file systems such as Medisoft Dossier Manager.

GraphQL API

The SecuMailer platform offers insight into email events. This can be done on the basis of a (push) webhook call (see REST API above) and on the basis of a (pull) GraphQL endpoint.

Get a Demo

Name(Required)

Contact Sales

Your Name(Required)

 Enable secure, provable, compliant email across real estate and housing workflows, while teams keep working in Outlook/Microsoft 365 or Google Workspace. No portals. No pick-up links. No “send securely” buttons.

Client trust, operational speed. No trade-offs.

Get a Demo
Contact Sales
Housing

The sector reality

  • Portfolios run on communication: leases and addenda, rent increases, reminders, , maintenance coordination and investor reports.

  • Everything must reach the right party, tenants, corporates, investors, municipalities, contractors, quickly, confidentially and with proof.

  • Regulations tighten, yet portals and extra steps slow operations, frustrate tenants and vendors, and drive risky workarounds.

The SecuMailer Approach

  • SecuMailer sits behind your existing mail.

  • Staff write and send as usual; in the background we apply policy, encryption, recipient assurance and legal evidence.

  • Messages land in the recipient’s normal inbox.

  • Where higher assurance is required, policy triggers step-up verification (e.g., one-time code) or in-browser decryption after authentication

  • Delivery and access are logged; message bodies are removed after successful delivery to support data minimisation.

  • Result: high adoption with tenants and partners, without friction in your processes.

What This Enables

A new lease goes out encrypted by default and is read without a portal. Rent increases and payment reminders are sent at scale with auditable delivery. Notices and formal communications use eIDAS-qualified registered email from the same mailbox, recognised proof of dispatch and receipt, no paper or delays. Large files move via secure transfer with access control, expiry and recall. Your teams keep momentum; Compliance has the evidence it needs.

Pleadings encrypted by default.

HR/KYC documents securely shared.

eIDAS-registered email for notice-critical flows.

Secure large bundles (expiry, recall).

Interoperability, not silos

Exchange securely with counterparties and courts using other certified secure-mail solutions. Operate one platform internally while collaborating safely across the wider legal ecosystem.

Exchange securely with courts/counterparties using certified solutions.

Compliance, built-in / Compliance & governance

Protection is on by default and scales with risk, aligned to GDPR principles (integrity/confidentiality, privacy by design/by default, data minimisation, accountability). For notice-critical flows, eIDAS provides legally recognised evidence. Data sovereignty is standard: EU-hosted, operated by European providers. no hyperscaler dependency. Certifications/attestations (e.g., ISO 27001, SOC 2 Type 2) fit your ISMS, DPIAs and vendor reviews.

ISO 27001

SecuMailer is ISO 27001 certified, the international standard for information security management systems. This certification demonstrates that we apply rigorous controls to protect sensitive information, continuously assess risks, and follow best practices to keep data secure and compliant.

NEN 7510

NEN 7510

SecuMailer is certified to NEN 7510, the Dutch standard for information security in healthcare. This certification ensures that medical and patient information is handled according to strict national requirements, giving healthcare organizations confidence in secure digital communication.

ISAE 3000

ISAE 3000

SecuMailer has successfully completed ISAE 3000 / SOC 2 Type II assurance, an independent audit that verifies the design and effectiveness of our internal controls. This provides our customers with proof that we meet strict criteria for security, availability, and privacy on an ongoing basis.

eIDAS

eIDAS (EU Trusted service provider)

SecuMailer is listed under the European eIDAS regulation as a qualified Electronic Registered Delivery Service (qERDS) and qualified Registered Electronic Mail Service (qREMS). This recognition confirms that our service meets the highest EU standards for trusted electronic communication and is included in the official EU Trusted List.

Cybersecurity

ECSO Label of Trustworthiness

SecuMailer is recognized with the ECSO Label of Trustworthiness, issued by the European Cyber Security Organisation (ECSO). This label distinguishes European-owned cybersecurity companies that are fully based in Europe, compliant with GDPR, and aligned with ENISA’s baseline security requirements. It confirms our commitment to European values of privacy and data sovereignty, and strengthens our visibility among partners and customers as a trusted European provider of secure email.

What you see operationally

Less friction for tenants and vendors because messages arrive in the normal inbox. Fewer incidents thanks to consistent, automatic protection. Lower support load, no portals to explain or maintain. Stronger evidentiary position in disputes and audits. Above all: secure, compliant email that doesn’t slow real estate and housing operations.

Less friction for case teams/clients.

Lower incident risk.

Audit-ready evidence.

Secure, compliant email that maintains legal velocity.

Your data. Your rules. Your next step.

Discover how SecuMailer helps you achieve your goals for secure, simple and compliant email without compromise. Whether you’re comparing, exploring or just curious, we’re happy to help.

See pricing
Contact Sales