Anette Svane Vestergaard
02 Mar 2026

A Clear Path Through Healthcare Compliance: How Aidn Uses NorthGRC to Manage Risk at Scale

Operating in the healthcare sector means operating under scrutiny. For Aidn, a software company supporting Norwegian municipalities with critical journaling systems, compliance is not just a contractual requirement — it is a prerequisite for trust.

With strict regulatory demands, distributed teams, and multiple compliance frameworks to manage, Aidn needed a way to document risk and compliance clearly, consistently, and credibly. That need led them to NorthGRC.

 

Security Ownership in a Distributed Organisation

 

Christian Jacobsen, Head of Security at Aidn, works within a distributed operating model. Aidn has around 120 employees organised into twelve product teams, each responsible for its own risk assessments.

 

“We operate with a high degree of decentralisation. Each product team acts as their own risk owner, but we still need a common structure, a shared framework and a single source of truth,” Christian explains.

 

That balance between autonomy and oversight is central to Aidn's approach to governance, risk, and compliance.

 

Meeting Strict Healthcare Sector Demands

 

Aidn delivers cloud-based journaling software to municipalities in Norway, each of which acts as its own data controller. This creates a particularly demanding compliance environment.

 

“Many municipalities simply do not have enough resources dedicated to security and privacy. That makes them more risk-averse than they need to be. And of course, the expectations for documentation of compliance towards a vendor such as us in the health care space are very high.”

 

In this context, NorthGRC plays a critical role.

 

“NorthGRC is extremely useful for documenting compliance and showing that we know what we are doing,” says Christian. “It helps us demonstrate our maturity to customers who need strong assurance.”

 

Managing Multiple Frameworks Without Losing Overview

 

Aidn works with several standards and frameworks in parallel, including international standards such as ISO 27001, NIS2 and CIS18, as well as Norwegian-specific standards such as Normen and NSMs grunnprinsipper for IKT-sikkerhet. Managing these requirements separately would be inefficient and error-prone.

 

“The cross-mapping in NorthGRC is a real strength,” Christian explains. “It allows us to work with multiple frameworks at the same time without duplicating effort.”

 

This interconnected approach enables Aidn to maintain clarity across requirements while still tailoring risk assessments to each product team.

 

Supporting Management Oversight and Audits

 

NorthGRC has played a central role in Aidn’s compliance journey, including its successful ISO 27001 certification.

 

“NorthGRC was instrumental in achieving certification,” Christian says. “It gave us a clear path to ISO 27001 by showing us exactly where to focus.”

 

Compliance status, audit reports, and post-audit documentation from NorthGRC are reviewed in Aidn’s internal Information Security Forum, ensuring management has access to the right information when needed.

 

Choosing NorthGRC in a Competitive Market

 

When Christian joined Aidn in 2024, selecting a GRC platform was a priority, and a structured evaluation process was initiated.

 

“In the end, we chose NorthGRC because it was clearly stronger when it came to risk assessments and overall structure,” Christian explains. “That was more important for us than a purely technical or endpoint-focused view of compliance.”

 

That focus aligned well with Aidn’s size, the regulatory demands of the healthcare sector, and a distributed organisation where clear risk ownership is essential.

 

A Platform That Creates Participation and Trust

 

NorthGRC’s Google authentication makes it easy for all employees to participate in compliance work when needed. Aidn has also extended access to external stakeholders.

 

“We give access to DPOs and security personnel in the municipalities we work with,” Christian says. “That transparency builds trust and makes collaboration much easier.”

 

For Aidn, NorthGRC is not just a platform for passing audits, but a tool that supports credibility, structure, and long-term confidence in a highly regulated sector.

 

Looking for a clear path through complex compliance requirements?


NorthGRC helps organisations manage risk, documentation and multiple frameworks through one connected platform — turning regulatory complexity into clear, actionable risk intelligence.

 
