Compliance
DNV Imatis acknowledges the importance of good ethics, privacy and information security. It is our highest priority in everything we do, be it designing new features or choosing our suppliers.
Normen "Code"
The Norwegian Directorate of e-Health operates under the purview of the Norwegian Ministry of Health and Care Services, ensuring compliance with established regulations. It has crafted a comprehensive standard referred to as the “Code of Conduct for Information Security in Healthcare” (commonly known as “the Code”). This Code stands as a holistic framework designed to address information security and data protection requirements for all healthcare sector organisations. Our adherence to this code can be subject to audit by Norsk Helsenett.
Information security
In our dedication to compliance and the safeguarding of information security, we are ISO 27001:2022 certified by Kiwa AS. This certification entails recertification every three years and annual surveillance audits. Our holistic information security management system is meticulously designed to demonstrate compliance with a range of standards, including ISO 27001:2022 Information Security Management System requirements, guidelines outlined in ISO 27017:2021 for Code of Practice for IS Controls for Cloud Services, ISO 27018:2019 for the Protection of Personally Identifiable Information in public clouds when acting as PII processors, and adherence to Normen Code. This broad spectrum of compliance measures equips us with a comprehensive toolkit and proactive measures to consistently enhance and update our security protocols.
Our primary information security goals encompass the following:
1. Ensuring the prevention of any significant breaches that could compromise the privacy of data within our systems.
2. Requiring a minimum of 95% of our employees to engage in annual Cybersecurity and Information Security training, thereby enhancing awareness and preparedness across our organisation.
DTAC and DSPT for United Kingdom
DNV Imatis complies with the National Health Service (NHS) requirements for Digital Technology Assessment Criteria (DTAC). To ensure our commitment to data security and protection, we also conduct annual self-assessments to meet the requirements outlined in the Data Security and Protection Toolkit (DSPT). The annually renewable Cyber Essentials certification helps us to guard against the most common cyber threats and demonstrate our commitment to cyber security.
Transparency Act
The Norwegian Transparency Act guides our interactions with suppliers and partners. To learn more about our practices in this area and access our annual reports, please visit Our Social Responsibility.
Quality
At DNV Imatis, we are committed to delivering high-quality software solutions that meet the needs of our clients and contribute to improved healthcare services. Our quality policy outlines our dedication to excellence, continuous improvement, and adherence to ISO 9001 standard.
Our primary quality objectives include:
- Customer Satisfaction
Ensuring that our software solutions deliveries meet customer expectations by providing reliable, efficient, and user-friendly solutions. In addition, ensure that our other main business processes are delivered with expected quality and efficiency. - Process Efficiency
Continuously improving our main business processes to enhance efficiency and reduce defects. - Compliance
Adhering to ISO 9001:2015 requirements and all other relevant regulations and certifications we are bound by.
Please feel free to reach out to us at compliance@dnvimatis.com if you have any inquiries or require further assistance.