Security first: “ISO 27001 fitted Visma’s Cloud Delivery Model like a glove”

Visma’s model for delivery of cloud services has achieved ISO 27001 certification, adhering to international best practices within security.

Visma’s Cloud Delivery Model (VCDM) was initiated in 2015 as a separate project with a few dedicated participants from Visma Software International, Visma Enterprise and Visma IT & Communications. The goal was to build a foundation for the future, anticipating an effective move to cloud to be a critical success factor for the Visma Group in the years to come.

VCDM describes a common approach to developing, delivering and operating cloud services in Visma. It describes aspects of how to organize (virtual teams, roles, responsibilities), how to work (processes) as well as technical requirements and best practices necessary for successful cloud service delivery.

In August last year, Mette Lise Hassing and her colleagues initiated the ISO approval process. In February, after just six months, Nemko signed and issued the ISO 27001:2017 certificate, aiming to meet the standards requirements for information security management systems (ISMS). Mette says that “as it turned out, the VCDM structure was very similar to the one in the quality standard – it fitted like a glove”. Although Visma AS is named on the certificate, she emphasizes that it is actually the model itself that is certified, not any particular legal unit, which is normally the case.

The certification provides the organization assurance that the model is solid, and services approved for VCDM can now claim to be working according to ISO 27001 certified processes. Currently, 42 services are already onboarded, 6 are close to be approved and 40 more services are on their way.

This certification is a way for existing and potential customers to easily understand that Visma adheres to international best practices within security.