Trust Centre
Trust Centre
The Visma Security Program
Security cultures are not built through policies. They are built through people making deliberate decisions, every day, across every team.
Our security culture is what the Visma Security Program is designed to sustain.
As the world’s largest business software network, the way we own combines the agility of a local brand with the industrial scale of a global leader
A shared discipline practiced by dedicated security engineers, coordinated across the group through the Visma Security Guild. And reinforced by a framework that makes good security decisions the path of least resistance.
That culture needs infrastructure behind it. This is how we build it.
What you can rely on
Every company and product operating under the Visma Security Program is held to the same rigorous baseline. Security maturity is measured continuously, not annually. Vulnerabilities are found by our own systems, by independent teams, and by the global security research community before they can be exploited. If any incidents occur, a 24/7 security operations capability ensures they are detected and contained.
How we maintain it
⏵ Defined maturity levels
Products operate at Bronze, Silver, Gold or Platinum security levels. Each level defines a concrete operational rhythm, with Gold requiring active security work every week, and Platinum every day. Every product's real-time performance against its target level is visible in a live dashboard, the Security Maturity Index.
⏵ Dedicated expertise
Every company in the Visma Group assigns a dedicated Security Engineer responsible for maintaining and advancing their security posture. These engineers operate as part of the Visma Security Guild, a cross-group network that shares threat intelligence, best practices, and institutional knowledge.
⏵ Independent verification
We do not rely solely on internal assessments. Our security is verified through daily automated code scanning, deep-dive penetration testing against the OWASP Top 10 by independent teams, and a public bug bounty program that invites the global security community to challenge our systems
⏵ Privacy and compliance by design
Privacy and legal compliance are not layered on after the fact. They are built into our products from the outset, through GDPR-aligned data handling, integrated compliance workflows, and security reviews that are part of our standard development process – not an afterthought.
A coherent standard across the entire group
The Visma Security Program applies the same maturity framework across every company and product in our portfolio. Whether you are a customer relying on our software or an investor evaluating our risk posture, you are looking at a single, consistent standard – not a patchwork of individual company policies. Security, at Visma, is a shared discipline. This includes access to a confidential whistleblowing channel for raising concerns.
For governance details, visit our investor relations page.