Insight
Security and privacy in Deepinsight
Author: Jarle Kittilsen
At Deepinsight, security and privacy are a prerequisite for everything we develop. As a provider to the healthcare sector, we understand the responsibility that comes with handling health data, and we work in a structured and long-term way to meet it. With clear requirements, documented processes, and continuous improvement, we deliver solutions that meet both current and future expectations for security.
ISO 27001
Deepinsight is ISO 27001 certified and follows recognized international information security requirements. This means that we work systematically with risk management, clear security processes and continuous improvement.
Privacy and responsible data use
Deepinsight processes personal data in accordance with applicable privacy legislation, including GDPR. Data is processed only for defined purposes and with necessary security measures in place. We develop our services in line with the principles of privacy by design. Data processing agreements are entered into with all customers, which further sets the framework for processing the customer's data.
Protection of data and systems
Deepinsight has established both technical and organizational measures to protect data and systems. This includes, among other things, a secure technical architecture, access management based on roles and need, monitoring and logging of systems, secure development practices and clear procedures for handling suppliers and third parties.
In addition, we emphasize training and awareness among employees. Security is a shared responsibility, and good routines work best when they are well understood and used in everyday work.
NIS2/Digital Security Act
The NIS2 Directive aims to increase resilience in network and information systems of both private and public entities operating in relevant sectors in the EU, including the healthcare sector.
Deepinsight complies with the requirements of the NIS2 Directive and the Norwegian implementation of the Digital Security Act. Deepinsight customers can be completely confident that we have the necessary policies and processes in place as required so that the customer can also meet its obligations under NIS2.
Norm for Information Security and Privacy in the Health and Care Sector (Normen)
Normen describes organizational, technical, physical and personnel security measures deemed suitable for achieving satisfactory information security and privacy in the healthcare sector.
Deepinsight follows the requirements and recommendations set out in Normen, and uses it as the basis for the services we deliver.
