Security and privacy in Deepinsight
Published: 18 March 2026
Author: Jarle Kittilsen
At Deepinsight, security and privacy are a prerequisite for everything we develop. As a provider to the healthcare sector, we understand the responsibility that comes with handling health data, and we work in a structured and long-term way to meet it. With clear requirements, documented processes, and continuous improvement, we deliver solutions that meet both current and future expectations for security.

ISO 27001
Deepinsight is ISO 27001 certified and follows recognized international standards for information security. This means we work systematically with risk management, clear security processes, and continuous improvement.
Privacy and responsible data use
Deepinsight processes personal data in accordance with applicable data protection legislation, including GDPR. Data is only processed for defined purposes and with the necessary security measures in place. We develop our services in line with the principles of privacy by design. We enter into data processing agreements with all customers, and these agreements in turn govern the processing of customer data.
Protection of data and systems
Deepinsight has established both technical and organizational measures to protect data and systems. This includes, among other things, a secure technical architecture, role- and need-based access control, system monitoring and logging, secure development practices, and clear procedures for managing suppliers and third parties.
We also emphasize training and awareness among employees. Security is a shared responsibility, and good practices work best when they are well understood and applied in daily operations.
NIS2 / Digital Security Act
The NIS2 Directive aims to increase the resilience of network and information systems for both private and public entities operating in relevant sectors within the EU, including the healthcare sector.
Deepinsight complies with the requirements of the NIS2 Directive and its Norwegian implementation through the Digital Security Act. Customers of Deepinsight can be confident that we have the necessary policies and processes in place to ensure they can also meet their obligations under NIS2.
Code of practice for information security and privacy in the health care sector (the “Norm”)
The Norm describes organizational, technical, physical, and personnel security measures considered suitable for achieving satisfactory information security and privacy in the healthcare sector.
Deepinsight follows the requirements and recommendations set out in the Norm and uses it as a foundation for the services we deliver.


