The Risk, Design and Requirements section explained what we do with our services before they’re put into production and made available for you, our customer.

This section explains how we maintain security and privacy in our live production environments.


If you have found security defects or vulnerabilities in our products and services, please see our Responsible Disclosure policy. 

Security Operations Centre

The Security Operations Centre (SOC) is our central security- and intelligence hub.  The SOC assists our development- and other teams with actionable intelligence, and takes an active part when events occur.  The SOC is an integral part of our event management system, and focuses on monitoring, collection and analysis of data to assist the teams in protecting our services.  


Security Team and Security Manager

The Security Team and the Security Manager is a dedicated team of security professionals , responsible for providing security and intelligence services for the development teams.    

These deliveries is gathered and managed through the security and privacy programme, as described in these pages.

The Security Team consist of highly specialised and skilled personnel that assists both management and the dev teams in the effort of keeping our products and services secure.

The Security Team is an international organisation with a wide array of specialities, including in depth penetration testing, OSINT, Secure Coding, Static Analysis, SecDevOps, Security Management, Crisis Management, Police Cooperation,  Intelligence Analysis, Intelligence Operations, Compliance against standards, Security in Agile organisations and more.

In short : Your friendly hackers that assist the teams and our clients in the daily struggles in an ever changing online world. We sometimes wear hoodies and jeans, and on other occasions we wear suits or skirts.

Members of our Security Team are in action in public events, such as Paranoia 2018 and HackCon.

Security Engineer and Security Guild

The Security Engineer is a professional the development team that is the "onsite" security professional. The Security Engineer is an integral part of the development team, and reports to the product owner. He or she knows the products' context in full detail, and is supported by the Security Team and the peers in the Security Guild, as well as the Data Protection Manager.

The Security Engineer is in many ways the most important piece of the puzzle since he or she draws on the resources from the rest of the organisation, and has the backing from top management in his or her execution of the task of securing the product, providing a good service to our customers.

The Security Guild is run by the Security Engineers, and administered by the Security Team.  In the guild, the Security Engineers and the Security Team discuss and share experiences for the purpose of improving the security of our services.  The Guild is held every second week and the Security Engineers volunteer experience sharing and provide a venue for getting contextual assistance from peers across the organisation.  

The guild is open for all Visma employees but mostly populated by Security Engineers or people that want to aspire to this position in the future.


Data Protection Manager

The Data Protection Manager is a position modelled after the Data Protection Officer- role in the GDPR. Every legal unit in Visma has a DPM, who acts as an advisor and contact point for matters related to privacy and data protection.

In Visma Software SMB, the DPM is a full-time position. Our DPM works daily with the development teams and the Security Team. The DPM reports to the SMB Division Director, and also independently to Visma’s corporate Data Protection Officer.


To safeguard our customers, their data and our products and services, we run several active intelligence efforts.

These efforts include monitoring and surveillance of our services as well as most dark web forums and marketplaces used by malicious actors globally.  This intelligence is continuously analyzed by senior cyber intelligence specialists.

Alerts are escalated to our development teams after validation, to ensure high quality and actionable intelligence.



When making our services available to our customers, they are carefully monitored. This includes continuous scanning for vulnerabilities, monitoring of intrusion attempts as well as abuse detection. Denial-of-service (DDoS) attack prevention, frequent penetration testing as well as data analytics to make sure that the operation is stable and secure.

Incident response/PSIRT

In the event of a security incident, such as a denial of service attack or phising, a PSIRT is established. A PSIRT is a Product Security Incident Response Team, and acts as a self- managed team in order to ensure high responsiveness to the threat, intrusion or incident.

The PSIRT is supported by the Security Operations Centre and if required the CSIRT, the Central Security Incident Response Team. The CSIRT is at the Visma group level, and together, these three entities work to enable us to respond quickly and appropriately to security incidents, manage more complex incidents and ensuring that the customer recieves timely and relevant information in the event of an incident.