DNV Imatis acknowledges the importance of good ethics, privacy and information security. It is our highest priority in everything we do, be it designing new features or choosing our suppliers.
The Norwegian Directorate of e-Health operates under the purview of the Norwegian Ministry of Health and Care Services, ensuring compliance with established regulations. It has crafted a comprehensive standard referred to as the “Code of Conduct for Information Security in Healthcare” (commonly known as “the Code”). This Code stands as a holistic framework designed to address information security and data protection requirements for all healthcare sector organisations. Our adherence to this code can be subject to audit by Norsk Helsenett.
In our dedication to compliance and the safeguarding of information security, we are currently undergoing an audit process towards being ISO 27001:2022 certified by Kiwa AS. This certification entails recertification every three years and annual surveillance audits. Our holistic information security management system is meticulously designed to demonstrate compliance with a range of standards, including ISO 27001:2022 Information Security Management System requirements, guidelines outlined in ISO 27017:2021 for Code of Practice for IS Controls for Cloud Services, ISO 27018:2019 for the Protection of Personally Identifiable Information in public clouds when acting as PII processors, and adherence to Normen Code. This broad spectrum of compliance measures equips us with a comprehensive toolkit and proactive measures to consistently enhance and update our security protocols.
Our primary information security goals encompass the following:
1. Ensuring the prevention of any significant breaches that could compromise the privacy of data within our systems.
2. Requiring a minimum of 95% of our employees to engage in annual Cybersecurity and Information Security training, thereby enhancing awareness and preparedness across our organisation.
DTAC and DSPT for United Kingdom
DNV Imatis is actively pursuing approval from the National Health Service (NHS) organisation for Digital Technology Assessment Criteria (DTAC). To ensure our commitment to data security and protection, we conduct annual self-assessments to meet the requirements outlined in the Data Security and Protection Toolkit (DSPT).
The Norwegian Transparency Act guides our interactions with suppliers and partners. To learn more about our practices in this area and access our annual reports, please visit Our Social Responsibility.
Please feel free to reach out to us at email@example.com if you have any inquiries or require further assistance.