Security and Privacy Assessment

Visma and our products are constantly developing and moving forward. To ensure that we move in line with applicable privacy and security legislation, and with our customers' trust and expectations, Visma has implemented a security and privacy assessment program. For every software service we launch in the market, a mandatory security and privacy self-assessment shall be completed, reviewed and approved. The security and privacy assessments consist of detailed and concrete requirements, questions and assessments. Once approved, the assessments are monitored and updated on a yearly basis, or more often depending on the service development.

The assessment consists of a security part and a privacy part.

 

Security assessment

The security assessment consists of requirements and questions regarding security-specific components such as the use of encryption, firewalls, access and authorisation controls, etc. Further, a detailed diagram showing all system components, integrations and connections, a data flow diagram and an overview of subprocessors are included. In addition, requirements with regard to injection prevention, cross-site scripting, error handling and deployment review are also included.

 

Privacy assessment

The Visma privacy assessment ensures a continuous focus on documenting status and mitigating risk. In short, it means keeping track of what kind of data is processed, how the data is processed, in what manner it is protected and who it is shared with.

Further, the privacy assessment also consists of continuously assessing potential privacy risk and measures to mitigate it. The purpose is to ensure awareness of potential risk at all times, and to be able to work continuously to strengthen the Visma products and our customers.