Transparency

The Visma server infrastructure is built on secure public cloud solutions. We also use our own data centres facilitated by Visma IT & Communications. Data processing takes place in Europe and follows local European regulations and requirements regarding protection of data privacy. In order to comply with national legal requirements, separate data storage is additionally provided in Norway and Sweden (see FAQ for details on national requirements).

  • Locked and alarmed with 24/7 surveillance.
  • External and internal video monitoring and traceability of access to the premises.
  • Redundant climate control with environmental monitoring of gas, moisture, heat and water.
  • Fire alarm with automatic fire fighting equipment.
  • Uninterruptible power supply, regularly tested against simulated power outages.
  • For public cloud solutions, we use the vendor's data centres for storage of information. They run around the clock and ensure operations by protecting against power outage, physical intrusion and network outage. These data centres conform to recognised industry standards of physical security and reliability.

Visma Software stores and processes Cloud ERP and HRM customer data at the following data centres:

| Data centre | Location | Key products / product lines | Key compliance |
|---|---|---|---|
| Visma IT&C data centre | Norway, Oslo | Visma.net: Financials & Logistics, Payroll, Expense, Absence, Approval | ISO 9001, ISO 27001, ISO 20000, ISAE 3402 SOC1 |
| Amazon Web Services (AWS) | Ireland, Dublin + Germany, Frankfurt | Visma e-conomic (secondary hosting) | ISO 9001, ISO 27001, ISAE 3402 SOC1, SOC2 |
| Microsoft Azure | Ireland, Dublin + Germany, Frankfurt | Visma eAccounting, Visma Advisor, Visma Financial Overview | ISO 9001, ISO 27001, ISAE 3402 SOC1, SOC2 |
| Solido | Denmark, Copenhagen | Visma e-conomic | ISO/IEC 27001:2005, ISO 22301, BS 25999-2:2007 |
| Elisa Appelsiini | Finland | Visma Netvisor | ISAE 3402, ISO 9001, ISO 20000-1 |
| Rackspace | UK, Berkshire | Visma Severa | ISO 27001, ISO 9001, ISAE 3402 SOC1, SOC3 |
| Linode | UK, London | Visma DigitalBooker | ISO 27001 |
| Host1.no | Norway, Oslo | Visma WebFaktura | ISO 9001, ISO 14001, ISO 2700 |

FAQ

Q: Is it legal to store data outside of my country?

In general, yes. However, some countries have rules that specify special requirements (especially for accounting and payroll data). Where applicable, the information is transferred and stored in your country in order to comply with the rules.

For an overview of the various requirements, see below:

Definitions

Primary documentation:

Recorded information or documentation connected to the Balance Sheet.
Example: Invoices, receipts and expense reports from employees.

Secondary documentation:

Documents that function more as a “supplement” (secondary evidence).
Example: Contracts/agreements, outgoing packaging slips and time sheets.

For Norway:
  • Primary and secondary documentation shall be stored in Norway.
  • The documentation may be stored in the Nordic countries under the (main) condition that the bookkeeping entity (Visma Customer) informs the Directorate of Taxes in writing as to what accounting materials are stored abroad, where the accounting materials are stored, and how the inspection bodies may access the accounting material at any given time.
  • If the documentation shall be stored outside the Nordic countries, each company must apply to the Tax Inspectorate for dispensation.
  • The primary documentation shall be stored for 5 years.
  • The secondary documentation shall be stored for 3.5 years.
For Sweden:
  • Primary and secondary documentation shall be stored in Sweden.
  • The documentation may be stored in the EU, Norway or Iceland under the condition that the bookkeeping entity (Visma Customer) informs the Directorate of Taxes in writing.
  • The primary and secondary documentation shall be stored for 7 years.
For Finland:
  • Primary and secondary documentation shall be stored in Finland or another EU country.
  • Primary documentation shall be stored for 10 years.
  • Secondary documentation shall be stored for 6 years.
For the Netherlands:
  • Primary and secondary documentation shall be stored in the Netherlands or another EU country.
  • Primary and secondary documentation shall be stored for 7 years.
For Denmark:
  • Primary and secondary documentation shall be stored in Denmark.
  • Primary and secondary documentation shall be stored for 5 years.

Q: Where is data stored when integrating to other services / assets?

See the data centre table above.

Q: What about storage or processing of data outside of the EU/EEA?

All data centres hosting Visma's software are located in the EU/EEA. In the case of US-based providers (Amazon Web Services, Microsoft Azure and Rackspace), we host and process data only in their European data centres. Furthermore, Visma only contracts US-based Data processors and Data Sub-processors that use EU Standard Contractual Clauses in the contracts, and we closely follow the development of the Privacy Shield framework.


Please see the data centre table above. For further information about data centres, certifications, or data protection, please contact us at trust@visma.com.

Vision, mission and values

We work towards:
Providing IT solutions that keep our customers one step ahead of their competition.

We are here to:
Promote competitiveness and contribute to the creation of growth and effectiveness for our customers.

We live by:
Respect, reliability, innovation, competence and team spirit.

Development process

Visma strives to develop software according to current development best practices. We keep up to date with industry trends and predictions, as well as planned and possible disruptive changes.

We have many teams developing software in Visma, so there are some differences between the teams, both in how they work and in how fast they deliver software to our customers. The number of team members, the customer segment and the service or product the team is working on determine how they work. The teams release changes and new versions to customers at varying intervals, ranging from daily updates when needed to longer intervals.

We hold the quality of our software as our highest priority, including security and performance of the service. Customer involvement during the development stage is a crucial aspect in order for us to always be in tune with our customers’ needs, and be able to deliver the most important features needed by our customers.

All of our services are continuously monitored, and if any deviations are detected that have an impact on one or several of our customers, they are reported on our status sites (e.g. https://status.visma.com for general products or https://status.visma.net for the Visma.net product line).

Incident management

An incident is defined as "any event which is not part of the standard operation of a service and which causes or may cause an interruption to, or a reduction in, the quality of that service".

When we receive notification of an incident in our system, either from our customers who report a deviation, or from our internal resources (personnel or monitoring), our teams immediately act upon this information and try to classify the incident severity. If of high severity, we follow an escalation process in order to reach the correct team and fix the deviation as soon as possible.

Compliance with standards and certificates

In order to make sure that we are following the best development practices, we always strive to comply with industry standards and have regular audits by approved external organisations to ensure these are followed to the right extent.