Privacy in Visma

Organisation and Visma Culture

The Visma group has an extensive framework for security and privacy. This includes policies, guidelines, a corporate Chief Information Security Officer, Data Protection Council (DPC) and Data Protection Officer (DPO). The responsibility for privacy work in Visma has been delegated to the DPO, an independent formal role described in the GDPR.


Security and Risk Assessments

Assessing privacy and security risk are part of all services lifecycle.


Visma's Roles

The GDPR defines two roles that are subject to different legal obligations; controller and processor.


How do we manage incidents

In the event of a security incident, such as a denial of service attack or phising, a Product Security Incident Response Team (PSIRT) is established. The team acts as a self-managed team in order to ensure high responsiveness to the threat, intrusion or incident.

The PSIRT is supported by the Security Operations Centre, and if required the Central Security Incident Response Team (CSIRT). The CSIRT is at the Visma group level, and together, these three entities work to enable us to respond quickly and appropriately to security incidents, manage more complex incidents and ensuring that the customer recieves timely and relevant information in the event of an incident.


We use cookies to collect information on your interaction with our website and combine this with the data you provide us to build a profile so we can show you content tailored to your interests. By accepting, you allow us to collect and process your personal information as described here.