Security and Privacy Assessment

Visma and our products are constantly developing and moving forward. To ensure that we move according to applicable privacy and security legislation, and our customers trust and expectations, Visma has implemented a security and privacy assessment program. For every software service we launch in the market a mandatory security and privacy self assessment  shall be completed, reviewed and approved. The security and privacy assessments consists of detailed and concrete requirements, questions and assessments. Once approved, the assessments are monitored and updated on a yearly basis or more often depending on the service development.

The assessment consists of a security and a privacy part


Security assessment

The security assessment consists of requirements and questions regarding security specific components as use of encryption, firewall, access and authorisation controls ect. Further, a detailed diagram showing all system components, integrations and connections, data flow diagram and overview of subprocessors are included.  In addition, requirements with regards to injection prevention, cross site scripting, error handling and deployment review is also included.


Privacy assessment

The privacy assessment consists of detailed data classification such as analysis of data ownership, types and categories of data processed, where data is stored and processed, how long data is stored and subprocessors with access to personal data.

Further, the privacy assessment also consist of continuously assessing privacy potential risk and mitigation.

We use cookies to collect information on your interaction with our website and combine this with the data you provide us to build a profile so we can show you content tailored to your interests. By accepting, you allow us to collect and process your personal information as described here.