HUNT Cloud - Security and Compliance

HUNT Cloud - Security and Compliance

We are committed to international excellence in privacy and information security

We believe that trust from data donors is the single most valuable asset in biomedical research. We are therefore proud to be the first academic research cloud in Norway with third-party certified management systems both for quality and information security. We are also proud to work with data controllers that expect such strict independent verifications, both to ensure their commitment to research participant's privacy, and to ensure their compliance with laws and regulations.

Data ownership

You retain ownership over data that are uploaded and generate in HUNT Cloud. This is regulated in Data Processor Agreements (databehandleravtaler) between the organization that control the data and HUNT Cloud. This include access to system documentation and risk evaluations, as well as the right (and expectation) to conduct regular audits to confirm compliance with system expectations.

Regulatory compliance

HUNT Cloud enable data controllers and researchers to become compliant with acts and regulations that regulate privacy and information security, such as The Personal Data Act (Personopplysningsloven), The Health Research Act (Helseforskningsloven), The Health Registry Act (Helseregisterloven), The Health Personnel Act (Helsepersonelloven), and The Data Protection Directive from EU (GDPR).

Independent third-party certifications

We undergo two independent third-party audits on regular basis for our information security and quality management systems, ISO 27001 and ISO 9001 respectively. For each one, an independent auditor examines our data center, infrastructure, services and operations. This help data controllers and regulators to confirm that our services meet strict security and compliance needs.

Click here to see our certificates and scoping documents

Self assessments

We do maintain self assessed statements of applicability for the Norwegian «Norm for informasjonssikkerhet» and Subpart C of «HIPAA».


We welcome audits from data controllers and research leaders to ensure compliance with your expectations.

Design Principle

We strive to provide elegant and easy-to-use security controls for optimal user compliance. Our role model is «safe drinking water» for which you may enjoy instant access without thinking too much about the purification process. We do therefore allow for an initial installation of «water pipes» as long as you may enjoy subsequent instant access without thinking too much about the security controls

Key security controls

HUNT Cloud ensure that research information is protected by an extensive list of 121 information security controls for which we are applicable. This list include important controls such as:  

Encrypted communication: Access from the outside are only allowed in encrypted tunnels (VPN) to provide confidentiality of information.

Restricted communication: Access are restricted to communication that is agreed by data controllers and lab owners using firewalls.

Unique users: Each user has unique credentials to ensure one person per login.

Two-step verification: Users are required to enter a verification code in addition to their user name and password to log in.

Private networks: Research projects are logically isolated from each others network communication.

Private storage: Research projects are logically isolated from each others data, even when it's stored on the same physical server.

Data residency: All data is located in Norway.


Please contact us for further information on our security and compliance.




Contact widget

Emergencies: Report data breach or data loss to

Contact: Feel free to send us an email at