Skip to main content

Security first: “ISO 27001 fitted Visma’s Cloud Delivery Model like a glove”

Visma’s model for delivery of cloud services has achieved ISO 27001 certification, adhering to international best practices within security. But what does this entail?

Security first: “ISO 27001 fitted Visma’s Cloud Delivery Model like a glove”
Security first: “ISO 27001 fitted Visma’s Cloud Delivery Model like a glove”

Visma’s model for delivery of cloud services has achieved ISO 27001 certification, adhering to international best practices within security.

Visma’s Cloud Delivery Model (VCDM) was initiated in 2015 as a separate project with a few dedicated participants from Visma Software International, Visma Enterprise and Visma IT & Communications. The goal was to build a foundation for the future, anticipating an effective move to cloud to be a critical success factor for the Visma Group in the years to come.

VCDM describes a common approach to developing, delivering and operating cloud services in Visma. It describes aspects of how to organize (virtual teams, roles, responsibilities), how to work (processes) as well as technical requirements and best practices necessary for successful cloud service delivery.

In August last year, Mette Lise Hassing and her colleagues initiated the ISO approval process. In February, after just six months, Nemko signed and issued the ISO 27001:2017 certificate, aiming to meet the standards requirements for information security management systems (ISMS). Mette says that “as it turned out, the VCDM structure was very similar to the one in the quality standard – it fitted like a glove”. Although Visma AS is named on the certificate, she emphasizes that it is actually the model itself that is certified, not any particular legal unit, which is normally the case.

The certification provides the organization assurance that the model is solid, and services approved for VCDM can now claim to be working according to ISO 27001 certified processes. Currently, 42 services are already onboarded, 6 are close to be approved and 40 more services are on their way.

This certification is a way for existing and potential customers to easily understand that Visma adheres to international best practices within security.

Most popular

  • ""

    What is an IT Security Policy?

    Every organisation—from startups to large, global corporations and nonprofits—must make sure that they have procedures to keep up with an ever-changing landscape of threats and vulnerabilities to keep its assets secure. But what is an IT Security Policy, and how do you enforce them?

  • ""

    Turning the UEFA Euro into math

    The Finnish company Weoptit, a company in Visma, has turned the UEFA Euro tournament into math and simulations. Based on a model originally built by their analysts prior to the World Cup 2006, they have played out the tournament 1,000 000 times to find out what results each team can expect from this summer’s football festival.