Insight
Security and privacy in Deepinsight
Author: Jarle Kittilsen
At Deepinsight, security and privacy are not something we add at the end: they are a prerequisite for everything we build.
As a supplier to the healthcare sector, we understand the responsibility that comes with handling health data, and we work in a structured and long-term way to meet it. With clear requirements, documented processes, and continuous improvement, we deliver solutions that meet both today's and tomorrow's security expectations.
ISO 27001
Deepinsight is ISO 27001 certified and follows recognized international requirements for information security. This means that we work systematically with risk management, clear security processes, and continuous improvement.
Privacy and responsible data use
Deepinsight processes personal data in accordance with applicable privacy legislation, including GDPR. Data is processed only for defined purposes and with the necessary security measures in place. We develop our services in line with the principles of privacy by design. Data processing agreements are entered into with all customers, which further set the framework for the processing of the customer's data.
Protection of data and systems
Deepinsight has established both technical and organizational measures to protect data and systems. This includes, among other things, a secure technical architecture, role- and need-based access control, monitoring and logging of systems, secure development practices, and clear procedures for handling suppliers and third parties.
In addition, we emphasize employee training and awareness. Security is a shared responsibility, and good routines work best when they are well understood and used in everyday life.
NIS2/Digital Security Act
The NIS2 Directive is intended to increase the resilience of network and information systems for both private and public entities operating in relevant sectors in the EU, including the healthcare sector.
Deepinsight complies with the requirements of the NIS2 Directive and the Norwegian implementation of the Digital Security Act. Deepinsight customers can be completely confident that we have the necessary policies and processes in place required for the customer to also meet their obligations under NIS2.
Standard for information security and privacy in the health and care sector (the Norm)
The Norm describes organizational, technical, physical, and personnel security measures considered suitable for achieving satisfactory information security and privacy in the healthcare sector.
Deepinsight follows the requirements and recommendations set out in the Norm and uses it as a basis for the services we deliver.
